Diffstat (limited to 'nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service')
-rw-r--r-- | nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service
new file mode 100644
index 00000000000..7a91f902544
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Seamless ssh-agent for YubiKeys
+Documentation=https://filippo.io/yubikey-agent
+
+[Service]
+ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
+ExecReload=/bin/kill -HUP $MAINPID
+ProtectSystem=strict
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHostname=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+IPAddressDeny=any
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+CapabilityBoundingSet=
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+NoNewPrivileges=yes
+KeyringMode=private
+UMask=0177
+RuntimeDirectory=yubikey-agent
+
+[Install]
+WantedBy=default.target
|
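Review bot: `ExecStart=yubikey-agent -l …` names the binary without an absolute path, so unless the package build rewrites this line (not visible in this hunk) systemd resolves it through its compiled-in search path instead of pinning the packaged executable. For a service that brokers SSH signing requests the unit should state exactly which binary runs, e.g. `ExecStart=<PACKAGE_BIN_DIR>/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock` with the placeholder filled in at install time. The same applies to the hard-coded `/bin/kill` in `ExecReload=`, which presumably does not exist on every target system. Separately, `UMask=0177` restricts the socket itself, but `RuntimeDirectory=yubikey-agent` is created with the default mode 0755; adding `RuntimeDirectoryMode=0700` keeps the socket directory private even if the parent runtime directory's permissions are ever looser than expected.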