summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid P <megver83@parabola.nu>2020-09-27 17:35:34 -0300
committerDavid P <megver83@parabola.nu>2020-09-27 17:44:26 -0300
commitacd25c913bface483531140e363923f49c5fef8d (patch)
tree51ff905696a6fc99da4f29728eb80860a588a0d9
parent8cbac065d0bb3214d808b8cb77ad149b3387d6c8 (diff)
configs/releng: remove custom reflector.service and use the service provided by the packageHEADmaster
parabolaiso specific options are placed in a /etc/systemd/system/reflector.service.d/parabolaiso.conf drop-in. NM dispatcher script now simplified to look similar to its systemd counterpart Signed-off-by: David P <megver83@parabola.nu>
-rwxr-xr-xconfigs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector9
-rwxr-xr-xconfigs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector9
l---------configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service2
-rw-r--r--configs/releng/airootfs/etc/systemd/system/reflector.service44
-rw-r--r--configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf6
-rw-r--r--configs/releng/airootfs/etc/xdg/reflector/reflector.conf6
l---------configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service2
-rw-r--r--configs/talkingparabola/airootfs/etc/systemd/system/reflector.service44
-rw-r--r--configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf6
-rw-r--r--configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf6
10 files changed, 36 insertions, 98 deletions
diff --git a/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector b/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
index 17ba099..5618511 100755
--- a/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
+++ b/configs/lxde-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
@@ -3,8 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later
if [ "$2" == up ] && ! grep -qoP 'mirror=\K\S+' /proc/cmdline; then
- # shellcheck disable=SC2034
- XDG_CACHE_HOME=/var/cache/reflector
- umask 177
- /usr/bin/reflector --protocol https --latest 15 --sort rate --save /etc/pacman.d/mirrorlist
+ reflector \
+ --save /etc/pacman.d/mirrorlist \
+ --protocol https \
+ --latest 70 \
+ --sort rate
fi
diff --git a/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector b/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
index 17ba099..5618511 100755
--- a/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
+++ b/configs/releng-openrc/airootfs/etc/NetworkManager/dispatcher.d/reflector
@@ -3,8 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later
if [ "$2" == up ] && ! grep -qoP 'mirror=\K\S+' /proc/cmdline; then
- # shellcheck disable=SC2034
- XDG_CACHE_HOME=/var/cache/reflector
- umask 177
- /usr/bin/reflector --protocol https --latest 15 --sort rate --save /etc/pacman.d/mirrorlist
+ reflector \
+ --save /etc/pacman.d/mirrorlist \
+ --protocol https \
+ --latest 70 \
+ --sort rate
fi
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
index f5071ce..d372729 120000
--- a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
@@ -1 +1 @@
-../reflector.service \ No newline at end of file
+/usr/lib/systemd/system/reflector.service \ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service b/configs/releng/airootfs/etc/systemd/system/reflector.service
deleted file mode 100644
index 4058e36..0000000
--- a/configs/releng/airootfs/etc/systemd/system/reflector.service
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-[Unit]
-Description=pacman mirrorlist update
-Wants=network-online.target
-After=network-online.target nss-lookup.target
-ConditionKernelCommandLine=!mirror
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist
-Restart=on-failure
-RestartSec=10
-CacheDirectory=reflector
-CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
-Environment=XDG_CACHE_HOME=/var/cache/reflector
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelTunables=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectSystem=strict
-ReadWritePaths=/etc/pacman.d/mirrorlist
-RemoveIPC=true
-RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@resources @privileged
-UMask=177
-
-[Install]
-WantedBy=multi-user.target
diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf
new file mode 100644
index 0000000..de6664d
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf
@@ -0,0 +1,6 @@
+[Unit]
+ConditionKernelCommandLine=!mirror
+
+[Service]
+Restart=on-failure
+RestartSec=10
diff --git a/configs/releng/airootfs/etc/xdg/reflector/reflector.conf b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf
new file mode 100644
index 0000000..7b37d89
--- /dev/null
+++ b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf
@@ -0,0 +1,6 @@
+# Reflector configuration file for the systemd service.
+
+--save /etc/pacman.d/mirrorlist
+--protocol https
+--latest 70
+--sort rate
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
index f5071ce..d372729 120000
--- a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
@@ -1 +1 @@
-../reflector.service \ No newline at end of file
+/usr/lib/systemd/system/reflector.service \ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service
deleted file mode 100644
index 4058e36..0000000
--- a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-[Unit]
-Description=pacman mirrorlist update
-Wants=network-online.target
-After=network-online.target nss-lookup.target
-ConditionKernelCommandLine=!mirror
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist
-Restart=on-failure
-RestartSec=10
-CacheDirectory=reflector
-CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
-Environment=XDG_CACHE_HOME=/var/cache/reflector
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelTunables=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectSystem=strict
-ReadWritePaths=/etc/pacman.d/mirrorlist
-RemoveIPC=true
-RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@resources @privileged
-UMask=177
-
-[Install]
-WantedBy=multi-user.target
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf
new file mode 100644
index 0000000..de6664d
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service.d/parabolaiso.conf
@@ -0,0 +1,6 @@
+[Unit]
+ConditionKernelCommandLine=!mirror
+
+[Service]
+Restart=on-failure
+RestartSec=10
diff --git a/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf b/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf
new file mode 100644
index 0000000..7b37d89
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/xdg/reflector/reflector.conf
@@ -0,0 +1,6 @@
+# Reflector configuration file for the systemd service.
+
+--save /etc/pacman.d/mirrorlist
+--protocol https
+--latest 70
+--sort rate