Unverified Commit 39e1727f authored by Sandro Jäckel's avatar Sandro Jäckel
Browse files

nixos/dex: fix start with latest systemd update 

With those settings starting dex crashed with:

Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/sys/fs/cgroup/system.slice/dex.service/memory.pressure: No such file or directory
Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed at step NAMESPACE spawning /nix/store/q8clp1lm8jznxf9330jd8cwc6mdy6glz-dex-start-pre: No such file or directory
parent e61356b9

nixos/modules/services/web-apps/dex.nix

+2 −5
Original line number Diff line number Diff line
@@ -108,8 +108,7 @@ in 
        ProtectClock = true;

        ProtectHome = true;

        ProtectHostname = true;

        # Would re-mount paths ignored by temporary root

        #ProtectSystem = "strict";

        ProtectSystem = "strict";

        ProtectControlGroups = true;

        ProtectKernelLogs = true;

        ProtectKernelModules = true;
@@ -121,9 +120,7 @@ in 
        RestrictSUIDSGID = true;

        SystemCallArchitectures = "native";

        SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];

        TemporaryFileSystem = "/:ro";

        # Does not work well with the temporary root

        #UMask = "0066";

        UMask = "0066";

      } // optionalAttrs (cfg.environmentFile != null) {

        EnvironmentFile = cfg.environmentFile;

      };