[jackhill/guix/guix.git] / etc / guix-gc.service.in

# This is a "service unit file" for the systemd init system to perform a
# one-shot 'guix gc' operation.  It is meant to be triggered by a timer.
# Drop it in /etc/systemd/system or similar together with 'guix-gc.timer'
# to set it up.

[Unit]
Description=Discard unused Guix store items

[Service]
Type=oneshot
# Customize the 'guix gc' arguments to fit your needs.
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix gc -d 1m -F 10G
PrivateDevices=yes
PrivateNetwork=yes
PrivateUsers=no
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@default @file-system @basic-io @system-service
Commit	Line	Data
5c4fd770 TJB	1	# This is a "service unit file" for the systemd init system to perform a
	2	# one-shot 'guix gc' operation. It is meant to be triggered by a timer.
	3	# Drop it in /etc/systemd/system or similar together with 'guix-gc.timer'
	4	# to set it up.
	5
	6	[Unit]
	7	Description=Discard unused Guix store items
	8
	9	[Service]
	10	Type=oneshot
	11	# Customize the 'guix gc' arguments to fit your needs.
	12	ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix gc -d 1m -F 10G
	13	PrivateDevices=yes
	14	PrivateNetwork=yes
	15	PrivateUsers=no
	16	ProtectKernelTunables=yes
	17	ProtectKernelModules=yes
	18	ProtectControlGroups=yes
	19	MemoryDenyWriteExecute=yes
	20	SystemCallFilter=@default @file-system @basic-io @system-service