disable the systemd --user
instance in a less hacky way, which hopefully causes fewer gitea-related errors
This commit is contained in:
@@ -107,7 +107,7 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate
|
# services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate
|
||||||
|
|
||||||
# hosted git (web view and for `git <cmd>` use
|
# hosted git (web view and for `git <cmd>` use
|
||||||
# TODO: enable publog?
|
# TODO: enable publog?
|
||||||
|
@@ -37,7 +37,7 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
settings.PermitRootLogin = "no";
|
settings.PermitRootLogin = "no";
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc.
|
# settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc.
|
||||||
};
|
};
|
||||||
sane.ports.ports."22" = {
|
sane.ports.ports."22" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
@@ -118,7 +118,12 @@
|
|||||||
|
|
||||||
sane.users.colin.default = true;
|
sane.users.colin.default = true;
|
||||||
services.getty.autologinUser = lib.mkDefault "colin";
|
services.getty.autologinUser = lib.mkDefault "colin";
|
||||||
security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
|
# security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
|
||||||
|
|
||||||
|
# disable the `systemd --user` instance for colin.
|
||||||
|
# systemd still starts a user.slice when logging in via PAM (e.g. `ssh`, `login`),
|
||||||
|
# but there's no user service manager which can start .service files or field `systemd --run` requests.
|
||||||
|
systemd.services."user@${builtins.toString config.users.users.colin.uid}".enable = false;
|
||||||
|
|
||||||
# systemd-user-sessions depends on remote-fs, causing login to take stupidly long
|
# systemd-user-sessions depends on remote-fs, causing login to take stupidly long
|
||||||
systemd.services."systemd-user-sessions".enable = false;
|
systemd.services."systemd-user-sessions".enable = false;
|
||||||
|
Reference in New Issue
Block a user