Support boot.tmpOnTmpfs without privileges

This commit is contained in:
Robert Hensing 2019-03-21 15:34:51 +01:00
parent 15386e5145
commit a171b3d080
2 changed files with 3 additions and 2 deletions


@ -1,6 +1,7 @@
{ {
docker-compose.services.webserver = { pkgs, ... }: { docker-compose.services.webserver = { pkgs, ... }: {
nixos.useSystemd = true; nixos.useSystemd = true;
nixos.configuration.boot.tmpOnTmpfs = true;
nixos.configuration.services.nginx.enable = true; nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual"; nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
service.useHostStore = true; service.useHostStore = true;


@ -29,10 +29,10 @@ in
"/sys/fs/cgroup:/sys/fs/cgroup:ro" "/sys/fs/cgroup:/sys/fs/cgroup:ro"
]; ];
service.tmpfs = [ service.tmpfs = [
"/tmp:exec,mode=777"
"/run" # noexec is fine because exes should be symlinked from elsewhere anyway "/run" # noexec is fine because exes should be symlinked from elsewhere anyway
"/run/wrappers" # noexec breaks this intentionally "/run/wrappers" # noexec breaks this intentionally
]; ] ++ lib.optional (config.nixos.evaluatedConfig.boot.tmpOnTmpfs) "/tmp:exec,mode=777";
service.stop_signal = "SIGRTMIN+3"; service.stop_signal = "SIGRTMIN+3";
service.tty = true; service.tty = true;
}; };
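Review bot: The `"/tmp:exec,mode=777"` entry appended on the `] ++ lib.optional (...)` line mounts a world-writable /tmp without the sticky bit, whereas the NixOS `boot.tmpOnTmpfs` mount this is standing in for uses `mode=1777`; without the sticky bit any process in the container can unlink or rename temp files owned by another user, which is the precondition for the classic /tmp symlink and rename races between services running under different accounts (nginx and root in the example). Change it to `"/tmp:exec,mode=1777"` so it matches the host-side behaviour the option promises. The parentheses around `config.nixos.evaluatedConfig.boot.tmpOnTmpfs` are redundant in Nix and can be dropped. Docker's default tmpfs size limit presumably applies to this mount rather than `boot.tmpOnTmpfsSize`, so a comment such as `# mounted by docker so no CAP_SYS_ADMIN is needed inside; sticky bit as in NixOS tmp.mount, size follows docker's default` would make both caveats visible. The enclosing attribute set begins before the hunk.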