configs/releng: remove custom reflector.service and use the service provided by the package
archiso specific options are placed in a /etc/systemd/system/reflector.service.d/archiso.conf drop-in.
This commit is contained in:
nl6720
parent
486b1910dd
commit
9544bbfdf1
@ -1 +1 @@
|
|||||||
../reflector.service
|
/usr/lib/systemd/system/reflector.service
|
||||||
@ -1,44 +0,0 @@
|
|||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
[Unit]
|
|
||||||
Description=pacman mirrorlist update
|
|
||||||
Wants=network-online.target
|
|
||||||
After=network-online.target nss-lookup.target
|
|
||||||
ConditionKernelCommandLine=!mirror
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=10
|
|
||||||
CacheDirectory=reflector
|
|
||||||
CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
|
|
||||||
Environment=XDG_CACHE_HOME=/var/cache/reflector
|
|
||||||
LockPersonality=true
|
|
||||||
MemoryDenyWriteExecute=true
|
|
||||||
NoNewPrivileges=true
|
|
||||||
PrivateDevices=true
|
|
||||||
PrivateTmp=true
|
|
||||||
PrivateUsers=true
|
|
||||||
ProtectClock=true
|
|
||||||
ProtectControlGroups=true
|
|
||||||
ProtectHome=true
|
|
||||||
ProtectHostname=true
|
|
||||||
ProtectKernelTunables=true
|
|
||||||
ProtectKernelLogs=true
|
|
||||||
ProtectKernelModules=true
|
|
||||||
ProtectSystem=strict
|
|
||||||
ReadWritePaths=/etc/pacman.d/mirrorlist
|
|
||||||
RemoveIPC=true
|
|
||||||
RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
|
|
||||||
RestrictNamespaces=true
|
|
||||||
RestrictRealtime=true
|
|
||||||
RestrictSUIDSGID=true
|
|
||||||
SystemCallArchitectures=native
|
|
||||||
SystemCallFilter=@system-service
|
|
||||||
SystemCallFilter=~@resources @privileged
|
|
||||||
UMask=177
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
@ -0,0 +1,6 @@
|
|||||||
|
[Unit]
|
||||||
|
ConditionKernelCommandLine=!mirror
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=10
|
||||||
6
configs/releng/airootfs/etc/xdg/reflector/reflector.conf
Normal file
6
configs/releng/airootfs/etc/xdg/reflector/reflector.conf
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
# Reflector configuration file for the systemd service.
|
||||||
|
|
||||||
|
--save /etc/pacman.d/mirrorlist
|
||||||
|
--protocol https
|
||||||
|
--latest 70
|
||||||
|
--sort rate
|
||||||
Loading…
Reference in New Issue
Block a user