use private bind mounts for pacserve, remove pacdbservesystemd-v233

We want just one service to serve database files and package archives.
Private bind mounts make both available to pacserve. This alse removes
some complexity in pacredir.

4 files changed, 6 insertions, 18 deletions

diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
deleted file mode 100644
index a94238d..0000000
--- a/systemd/pacdbserve.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Darkhttpd to serve pacman db files
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/pacdbserve /var/lib/pacman/sync/ --ipv6 --port 7079 --no-listing
-DynamicUser=on
-ProtectSystem=full
-ProtectHome=on
-PrivateDevices=on
-NoNewPrivileges=on
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemd/pacredir.service b/systemd/pacredir.service
index 2e890f7..561b4cd 100644
--- a/systemd/pacredir.service
+++ b/systemd/pacredir.service
@@ -16,4 +16,3 @@ NoNewPrivileges=on
 [Install]
 WantedBy=multi-user.target
 Also=pacserve.service
-Also=pacdbserve.service
diff --git a/systemd/pacserve.service b/systemd/pacserve.service
index 1e414db..e3e2401 100644
--- a/systemd/pacserve.service
+++ b/systemd/pacserve.service
@@ -1,9 +1,10 @@
 [Unit]
-Description=Darkhttpd to serve pacman cache
-After=network.target
+Description=Serve pacman database files and package archives
+After=systemd-tmpfiles-setup.service network.target
 
 [Service]
-ExecStart=/usr/bin/pacserve /var/cache/pacman/pkg/ --ipv6 --port 7078 --no-listing
+ExecStart=/usr/bin/pacserve /run/pacserve/ --ipv6 --port 7078 --no-listing
+BindReadOnlyPaths=/var/cache/pacman/pkg:/run/pacserve/pkg /var/lib/pacman/sync:/run/pacserve/db
 DynamicUser=on
 ProtectSystem=full
 ProtectHome=on
diff --git a/systemd/tmpfiles.conf b/systemd/tmpfiles.conf
new file mode 100644
index 0000000..f1da220
--- /dev/null
+++ b/systemd/tmpfiles.conf
@@ -0,0 +1,2 @@
+d /var/cache/pacman/pkg - - - -
+d /var/lib/pacman/sync - - - -