services/nscd: use tmpfiles for proper lifetime guarantees

2024-12-30 02:27:37 +08:00 · 2024-12-30 02:27:37 +08:00 · a335722afd
parent 0c28d393fa
commit a335722afd
1 changed files with 15 additions and 2 deletions
--- a/nixos/profiles/services/nscd/default.nix
+++ b/nixos/profiles/services/nscd/default.nix
@ -1,4 +1,9 @@
-{ lib, mylib, ... }:
+{
+  config,
+  lib,
+  mylib,
+  ...
+}:
 {
  services.nscd = {
    enable = true;
@ -6,7 +11,15 @@
  };

  systemd.services.nscd.serviceConfig = mylib.misc.serviceHardened // {
-    RuntimeDirectoryPreserve = true;
+    RuntimeDirectory = lib.mkForce "";
    ProtectHome = lib.mkForce true;
  };
+
+  systemd.tmpfiles.settings."20-nscd" = {
+    "/run/nscd".d = {
+      mode = "0755";
+      user = config.services.nscd.user;
+      group = config.services.nscd.group;
+    };
+  };
 }