disable the systemd --user instance in a less hacky way, which hopefully causes fewer gitea-related errors

2024-11-17 16:18:18 +00:00
parent f723aa008c
commit 09ed5a271d
3 changed files with 8 additions and 3 deletions


@@ -107,7 +107,7 @@
]; ];
}; };
services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate # services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate
# hosted git (web view and for `git <cmd>` use # hosted git (web view and for `git <cmd>` use
# TODO: enable publog? # TODO: enable publog?
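Review bot: The commented-out `services.openssh.settings.UsePAM = true;` line keeps its trailing `#< required for git user to authenticate`, so the file now reads as though a required setting has been switched off. The requirement is presumably still met by the sshd module default, but that dependency is no longer stated anywhere. The same commented-out-setting pattern appears in the other two files of this commit (`settings.UsePAM = lib.mkDefault false` and `security.pam.services.login.startSession`). I would delete the dead lines and leave one comment that states what is relied on, e.g. `# the git user authenticates through PAM; relies on sshd's UsePAM staying at its default (enabled)`.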


@@ -37,7 +37,7 @@ in
enable = true; enable = true;
settings.PermitRootLogin = "no"; settings.PermitRootLogin = "no";
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc. # settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc.
}; };
sane.ports.ports."22" = { sane.ports.ports."22" = {
protocol = [ "tcp" ]; protocol = [ "tcp" ];
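Review bot: With the `settings.UsePAM = lib.mkDefault false` override commented out, sshd falls back to the module default, which I believe enables PAM. Under PAM, keyboard-interactive authentication can still prompt for a password even though `settings.PasswordAuthentication = false;` is set on the line above. Nothing in this hunk disables it, so unless that is done elsewhere I would add `settings.KbdInteractiveAuthentication = false;` next to the other settings. PAM session modules such as pam_mount, which the old comment says were incidentally disabled, will also run again for ssh logins on every host that imports this file. The enclosing block (presumably `services.openssh`) starts outside the hunk.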


@@ -118,7 +118,12 @@
sane.users.colin.default = true; sane.users.colin.default = true;
services.getty.autologinUser = lib.mkDefault "colin"; services.getty.autologinUser = lib.mkDefault "colin";
security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration # security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
# disable the `systemd --user` instance for colin.
# systemd still starts a user.slice when logging in via PAM (e.g. `ssh`, `login`),
# but there's no user service manager which can start .service files or field `systemd --run` requests.
systemd.services."user@${builtins.toString config.users.users.colin.uid}".enable = false;
# systemd-user-sessions depends on remote-fs, causing login to take stupidly long # systemd-user-sessions depends on remote-fs, causing login to take stupidly long
systemd.services."systemd-user-sessions".enable = false; systemd.services."systemd-user-sessions".enable = false;
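Review bot: The unit name on the added `user@${builtins.toString config.users.users.colin.uid}` line depends on the uid being set, because `builtins.toString` turns a null into an empty string. If `users.users.colin.uid` were ever left unset, the attribute would become `user@` and would presumably affect the template unit for every user rather than just colin. The hunk does not show where the uid is assigned, so this may already be guaranteed; an entry in `assertions` would make it explicit, e.g. `{ assertion = config.users.users.colin.uid != null; message = "colin needs a static uid"; }`. Separately, the new comment's `systemd --run` probably means `systemd-run --user`. The enclosing attribute set starts and ends outside the hunk.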