From a834db5dc933a4b48c8323ae3e490448a86b448f Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 4 Jul 2018 13:59:24 +0200
Subject: use private bind mounts for pacserve, remove pacdbserve

We want just one service to serve database files and package archives.
Private bind mounts make both available to pacserve. This alse removes
some complexity in pacredir.
---
 systemd/pacdbserve.service | 14 --------------
 systemd/pacredir.service   |  1 -
 systemd/pacserve.service   |  7 ++++---
 systemd/tmpfiles.conf      |  2 ++
 4 files changed, 6 insertions(+), 18 deletions(-)
 delete mode 100644 systemd/pacdbserve.service
 create mode 100644 systemd/tmpfiles.conf

(limited to 'systemd')

diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
deleted file mode 100644
index a94238d..0000000
--- a/systemd/pacdbserve.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Darkhttpd to serve pacman db files
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/pacdbserve /var/lib/pacman/sync/ --ipv6 --port 7079 --no-listing
-DynamicUser=on
-ProtectSystem=full
-ProtectHome=on
-PrivateDevices=on
-NoNewPrivileges=on
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemd/pacredir.service b/systemd/pacredir.service
index 2e890f7..561b4cd 100644
--- a/systemd/pacredir.service
+++ b/systemd/pacredir.service
@@ -16,4 +16,3 @@ NoNewPrivileges=on
 [Install]
 WantedBy=multi-user.target
 Also=pacserve.service
-Also=pacdbserve.service
diff --git a/systemd/pacserve.service b/systemd/pacserve.service
index 1e414db..e3e2401 100644
--- a/systemd/pacserve.service
+++ b/systemd/pacserve.service
@@ -1,9 +1,10 @@
 [Unit]
-Description=Darkhttpd to serve pacman cache
-After=network.target
+Description=Serve pacman database files and package archives
+After=systemd-tmpfiles-setup.service network.target
 
 [Service]
-ExecStart=/usr/bin/pacserve /var/cache/pacman/pkg/ --ipv6 --port 7078 --no-listing
+ExecStart=/usr/bin/pacserve /run/pacserve/ --ipv6 --port 7078 --no-listing
+BindReadOnlyPaths=/var/cache/pacman/pkg:/run/pacserve/pkg /var/lib/pacman/sync:/run/pacserve/db
 DynamicUser=on
 ProtectSystem=full
 ProtectHome=on
diff --git a/systemd/tmpfiles.conf b/systemd/tmpfiles.conf
new file mode 100644
index 0000000..f1da220
--- /dev/null
+++ b/systemd/tmpfiles.conf
@@ -0,0 +1,2 @@
+d /var/cache/pacman/pkg - - - -
+d /var/lib/pacman/sync - - - -
-- 
cgit v1.2.3-54-g00ecf