disable the systemd --user
instance in a less hacky way, which hopefully causes fewer gitea-related errors
This commit is contained in:
@@ -107,7 +107,7 @@
|
||||
];
|
||||
};
|
||||
|
||||
services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate
|
||||
# services.openssh.settings.UsePAM = true; #< required for `git` user to authenticate
|
||||
|
||||
# hosted git (web view and for `git <cmd>` use
|
||||
# TODO: enable publog?
|
||||
|
@@ -37,7 +37,7 @@ in
|
||||
enable = true;
|
||||
settings.PermitRootLogin = "no";
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc.
|
||||
# settings.UsePAM = lib.mkDefault false; #< notably, disables systemd session tracking; incidentally disables pam_mount, etc.
|
||||
};
|
||||
sane.ports.ports."22" = {
|
||||
protocol = [ "tcp" ];
|
||||
|
@@ -118,7 +118,12 @@
|
||||
|
||||
sane.users.colin.default = true;
|
||||
services.getty.autologinUser = lib.mkDefault "colin";
|
||||
security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
|
||||
# security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
|
||||
|
||||
# disable the `systemd --user` instance for colin.
|
||||
# systemd still starts a user.slice when logging in via PAM (e.g. `ssh`, `login`),
|
||||
# but there's no user service manager which can start .service files or field `systemd --run` requests.
|
||||
systemd.services."user@${builtins.toString config.users.users.colin.uid}".enable = false;
|
||||
|
||||
# systemd-user-sessions depends on remote-fs, causing login to take stupidly long
|
||||
systemd.services."systemd-user-sessions".enable = false;
|
||||
|
Reference in New Issue
Block a user