haveged module: clean up service configuration (#18513)

Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).
This commit is contained in:
Robert Helgesson 2016-09-13 07:07:46 +02:00 committed by Franz Pletz
parent 87ee2736ce
commit b023e8f303

View File

@ -48,14 +48,18 @@ in
{ description = "Entropy Harvesting Daemon";
unitConfig.Documentation = "man:haveged(8)";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.haveged ];
serviceConfig =
{ Type = "forking";
ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
PIDFile = "/run/haveged.pid";
};
serviceConfig = {
ExecStart = "${pkgs.haveged}/bin/haveged -F -w ${toString cfg.refill_threshold} -v 1";
SuccessExitStatus = 143;
PrivateTmp = true;
PrivateDevices = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
};
};
};