summary refs log tree commit diff
path: root/etc/guix-gc.service.in
blob: 2f1ca6584bbcef9e53d211023d397704285d8269 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# This is a "service unit file" for the systemd init system to perform a
# one-shot 'guix gc' operation.  It is meant to be triggered by a timer.
# Drop it in /etc/systemd/system or similar together with 'guix-gc.timer'
# to set it up.

[Unit]
Description=Discard unused Guix store items

[Service]
Type=oneshot
# Customize the 'guix gc' arguments to fit your needs.
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix gc -d 1m -F 10G
PrivateDevices=yes
PrivateNetwork=yes
PrivateUsers=no
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@default @file-system @basic-io @system-service