From 92740dd4a81e0f2ef3c185e66809e3fca5132f0d Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 8 Sep 2019 05:03:46 -0400 Subject: [PATCH] nixos/upower: drop custom unit All of these changes ++ are in the upstream unit Also drop glib in path of unit as I don't believe this should be needed anymore. --- nixos/modules/services/hardware/upower.nix | 39 +++------------------- 1 file changed, 4 insertions(+), 35 deletions(-) diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix index 96d88da6e8b..f6ce1101d54 100644 --- a/nixos/modules/services/hardware/upower.nix +++ b/nixos/modules/services/hardware/upower.nix @@ -5,8 +5,11 @@ with lib; let + cfg = config.services.upower; + in + { ###### interface @@ -49,42 +52,8 @@ in services.udev.packages = [ cfg.package ]; - systemd.services.upower = - { description = "Power Management Daemon"; - path = [ pkgs.glib.out ]; # needed for gdbus - serviceConfig = - { Type = "dbus"; - BusName = "org.freedesktop.UPower"; - ExecStart = "@${cfg.package}/libexec/upowerd upowerd"; - Restart = "on-failure"; - # Upstream lockdown: - # Filesystem lockdown - ProtectSystem = "strict"; - # Needed by keyboard backlight support - ProtectKernelTunables = false; - ProtectControlGroups = true; - ReadWritePaths = "/var/lib/upower"; - ProtectHome = true; - PrivateTmp = true; + systemd.packages = [ cfg.package ]; - # Network - # PrivateNetwork=true would block udev's netlink socket - RestrictAddressFamilies = "AF_UNIX AF_NETLINK"; - - # Execute Mappings - MemoryDenyWriteExecute = true; - - # Modules - ProtectKernelModules = true; - - # Real-time - RestrictRealtime = true; - - # Privilege escalation - NoNewPrivileges = true; - }; - }; - # The upower daemon seems to get stuck after doing a suspend # (i.e. subsequent suspend requests will say "Sleep has already # been requested and is pending"). So as a workaround, restart