systemd: remove unnecessary full paths

This commit is contained in:
Aminda Suomalainen 2024-10-04 13:21:21 +03:00
parent 3ea2736c47
commit 11d517e644
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
25 changed files with 103 additions and 85 deletions

View File

@ -4,10 +4,11 @@ Description=Aminda's deduplication service
[Service]
Type=oneshot
TimeoutStartSec=infinity
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/home.hash /home
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/usr-local-bin.hash /usr/local/bin
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/flatpak.hash /var/lib/flatpak
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/snap.hash /var/lib/snapd
# Contained in `systemd-path search-binaries-default`
ExecStart=-duperemove -rdhq --hashfile=/root/home.hash /home
ExecStart=-duperemove -rdhq --hashfile=/root/usr-local-bin.hash /usr/local/bin
ExecStart=-duperemove -rdhq --hashfile=/root/flatpak.hash /var/lib/flatpak
ExecStart=-duperemove -rdhq --hashfile=/root/snap.hash /var/lib/snapd
User=root
StandardOutput=journal
StandardError=journal

View File

@ -1,4 +1,5 @@
[Service]
# https://superuser.com/a/1290109
ExecStartPre=-/usr/sbin/btrfs balance start -dusage=25 -dlimit=10 -musage=25 -mlimit=10 /
ExecStartPost=-/usr/sbin/btrfs balance start -dusage=50 /
# Contained in `systemd-path search-binaries-default`
ExecStartPre=-btrfs balance start -dusage=25 -dlimit=10 -musage=25 -mlimit=10 /
ExecStartPost=-btrfs balance start -dusage=50 /

View File

@ -3,4 +3,4 @@
# WARNING: This is most likely a bad idea. My excuse is this system being on
# a small USB STICK with nothing important on it, what is yours?
ExecStart=
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/rootfs.hash /
ExecStart=-duperemove -rdhq --hashfile=/root/rootfs.hash /

View File

@ -7,52 +7,53 @@ Type=oneshot
TimeoutStartSec=infinity
Environment=LINUXBREWUSER=root
Environment=LINUXBREWGROUP=wheel
ExecStartPre=-/usr/bin/echo 1 > /sys/devices/system/cpu/microcode/reload
# Remember `systemd-path search-binaries-default`
ExecStartPre=-echo 1 > /sys/devices/system/cpu/microcode/reload
# - means it can fail, without failing those after it.
# These aren't given --now as THEY WOULD INFINITE LOOP.
ExecStartPre=-/usr/bin/systemctl enable aminda-nocron-rebootish.service
ExecStartPre=-/usr/bin/systemctl enable aminda-nocron-rebootish.timer
ExecStartPre=-/usr/bin/systemctl enable --now unbound.service
ExecStartPre=-/usr/bin/systemctl enable --now systemd-resolved.service
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
ExecStartPre=-systemctl enable aminda-nocron-rebootish.service
ExecStartPre=-systemctl enable aminda-nocron-rebootish.timer
ExecStartPre=-systemctl enable --now unbound.service
ExecStartPre=-systemctl enable --now systemd-resolved.service
ExecStartPre=-sysctl net.ipv6.conf.all.disable_ipv6=0
# These services are called here, so
ExecStartPre=-/usr/bin/systemctl start firewalld.service
ExecStartPre=-systemctl start firewalld.service
# https://github.com/systemd/zram-generator
#ExecStart=-/usr/bin/systemctl start /dev/zram0
ExecStart=-/usr/bin/systemctl enable --now systemd-zram-setup@zram0.service
#ExecStart=-systemctl start /dev/zram0
ExecStart=-systemctl enable --now systemd-zram-setup@zram0.service
# Ensure we really allow ICMPv6 on FEDORA (or firewalld). Also other essential services.
ExecStart=-/usr/bin/firewall-cmd --add-protocol=ipv6-icmp
ExecStart=-/usr/bin/firewall-cmd --add-protocol=ipv6-icmp --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=ssh --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=ssh --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=mosh --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=mosh --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=ntp --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=ntp --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=syncthing --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=syncthing --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=mdns --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=mdns --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --add-service=kdeconnect --permanent
ExecStart=-/usr/bin/firewall-cmd --add-service=kdeconnect --permanent --zone=home
ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=9001/udp
ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=9001/udp --zone=home
ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=6771/udp
ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=6771/udp --zone=home
ExecStart=-firewall-cmd --add-protocol=ipv6-icmp
ExecStart=-firewall-cmd --add-protocol=ipv6-icmp --zone=home
ExecStart=-firewall-cmd --add-service=ssh --permanent
ExecStart=-firewall-cmd --add-service=ssh --permanent --zone=home
ExecStart=-firewall-cmd --add-service=mosh --permanent
ExecStart=-firewall-cmd --add-service=mosh --permanent --zone=home
ExecStart=-firewall-cmd --add-service=ntp --permanent
ExecStart=-firewall-cmd --add-service=ntp --permanent --zone=home
ExecStart=-firewall-cmd --add-service=syncthing --permanent
ExecStart=-firewall-cmd --add-service=syncthing --permanent --zone=home
ExecStart=-firewall-cmd --add-service=mdns --permanent
ExecStart=-firewall-cmd --add-service=mdns --permanent --zone=home
ExecStart=-firewall-cmd --add-service=kdeconnect --permanent
ExecStart=-firewall-cmd --add-service=kdeconnect --permanent --zone=home
ExecStart=-firewall-cmd --permanent --add-port=9001/udp
ExecStart=-firewall-cmd --permanent --add-port=9001/udp --zone=home
ExecStart=-firewall-cmd --permanent --add-port=6771/udp
ExecStart=-firewall-cmd --permanent --add-port=6771/udp --zone=home
# 3rd party Xbox controller initialization. See Mikaela/gist/gayming/
#ExecStart=-/root/fixcontroller.py
# This is actually in the delayed variant of this service, but anyway
ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service
ExecStart=-/usr/bin/systemctl enable --now ssh.service
ExecStart=-/usr/bin/systemctl enable --now sshd.service
ExecStart=-/usr/bin/systemctl enable --now sshguard.service
ExecStart=-/usr/bin/systemctl enable --now unbound.service
ExecStart=-/usr/bin/systemctl enable --now chrony.service
ExecStart=-/usr/bin/systemctl enable --now chronyd.service
ExecStart=-/usr/bin/systemctl enable --now systemd-oomd.service systemd-oomd.socket
ExecStart=-/bin/chown -R ${LINUXBREWUSER}:${LINUXBREWGROUP} /home/linuxbrew -R
ExecStart=-/bin/chmod -R u+rw,g+rw,o+r /home/linuxbrew
ExecStart=-/bin/setfacl -R -m g:${LINUXBREWGROUP}:rwX,o:rX /home/linuxbrew
ExecStart=-systemctl enable --now yggdrasil.service
ExecStart=-systemctl enable --now ssh.service
ExecStart=-systemctl enable --now sshd.service
ExecStart=-systemctl enable --now sshguard.service
ExecStart=-systemctl enable --now unbound.service
ExecStart=-systemctl enable --now chrony.service
ExecStart=-systemctl enable --now chronyd.service
ExecStart=-systemctl enable --now systemd-oomd.service systemd-oomd.socket
ExecStart=-chown -R ${LINUXBREWUSER}:${LINUXBREWGROUP} /home/linuxbrew -R
ExecStart=-chmod -R u+rw,g+rw,o+r /home/linuxbrew
ExecStart=-setfacl -R -m g:${LINUXBREWGROUP}:rwX,o:rX /home/linuxbrew
User=root
StandardOutput=journal
StandardError=journal

View File

@ -1,3 +1,3 @@
# Disables all swap. Very questionable.
[Service]
ExecStart=-/usr/sbin/swapoff -a
ExecStart=-swapoff -a

View File

@ -1,3 +1,3 @@
#[Service]
#ExecStart=-/usr/bin/systemctl enable --now syncthing@mikaela.service --quiet
#ExecStart=-/usr/bin/systemctl enable --now syncthing@aminda.service --quiet
#ExecStart=-systemctl enable --now syncthing@mikaela.service --quiet
#ExecStart=-systemctl enable --now syncthing@aminda.service --quiet

View File

@ -4,19 +4,20 @@ Description=Aminda's cronless tasks to do a bit after booting
[Service]
Type=oneshot
TimeoutStartSec=infinity
# Remember `systemd-path search-binaries-default`
# - means it can fail, without failing those after it
# Another attempt at ensuring Yggdrasil works with nordvpnd
ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.service
ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.timer
ExecStartPre=-/usr/bin/systemctl enable --now monthly-btrfs-balance.timer
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
ExecStartPre=-/usr/bin/systemctl enable --now tlp
ExecStart=-/usr/bin/systemctl restart yggdrasil.service
ExecStart=-/bin/firewall-cmd --reload
ExecStartPre=-systemctl enable --now aminda-nocron-reboot.service
ExecStartPre=-systemctl enable --now aminda-nocron-reboot.timer
ExecStartPre=-systemctl enable --now monthly-btrfs-balance.timer
ExecStartPre=-sysctl net.ipv6.conf.all.disable_ipv6=0
ExecStartPre=-systemctl enable --now tlp
ExecStart=-systemctl restart yggdrasil.service
ExecStart=-firewall-cmd --reload
# If they somehow managed to not start already
ExecStart=-/usr/bin/systemctl enable --now unbound.service
ExecStart=-/usr/bin/systemctl enable --now systemd-resolved.service
ExecStart=-/usr/sbin/tlp setcharge
ExecStart=-systemctl enable --now unbound.service
ExecStart=-systemctl enable --now systemd-resolved.service
ExecStart=-tlp setcharge
User=root
StandardOutput=journal
StandardError=journal

View File

@ -9,7 +9,7 @@ After=network.target mullvad-daemon.service
# Wait a minute before actually starting Chrony so Mullvad has surely had
# time to start and thus not fail at excluding (cannot set the cgroup, no
# such file or directory)
#ExecStartPre=/usr/bin/sleep 60
#ExecStartPre=sleep 60
# Empty the main chrony.service ExecStart line so it can be overwritten
ExecStart=
ExecStart=/usr/bin/mullvad-exclude /usr/sbin/chronyd $DAEMON_OPTS
ExecStart=mullvad-exclude /usr/sbin/chronyd $DAEMON_OPTS

View File

@ -3,5 +3,6 @@ Description=install flatpak updates and uninstall unused flatpaks
[Service]
Type=oneshot
ExecStart=/usr/bin/flatpak update --assumeyes --noninteractive
ExecStartPost=/usr/bin/flatpak uninstall --unused --assumeyes --noninteractive
# Contained in `systemd-path search-binaries-default`
ExecStart=flatpak update --assumeyes --noninteractive
ExecStartPost=flatpak uninstall --unused --assumeyes --noninteractive

View File

@ -14,8 +14,8 @@ Wants=gpsd.service gpsd.socket
ExecStartPre=-/tmp/gps-share.sock
# Creating a socket for geoclue to connect to
# Credit: @schnell at https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/145#note_1772702
ExecStartPost=/bin/sh -c "(gpspipe --nmea | ( read; read; read; cat ) | ncat --verbose --keep-open --listen --unixsock /tmp/gps-share.sock&)"
ExecStartPost=sh -c "(gpspipe --nmea | ( read; read; read; cat ) | ncat --verbose --keep-open --listen --unixsock /tmp/gps-share.sock&)"
# In case of clean shutdown, remove the socket for restart
ExecStopPost=-/usr/bin/rm -vf /tmp/gps-share.sock
ExecStopPost=-rm -vf /tmp/gps-share.sock
# vim: filetype=systemd

View File

@ -3,4 +3,5 @@ Description=Gitea restarter
[Service]
Type=oneshot
ExecStart=/bin/systemctl restart gitea.service --quiet
# Contained in `systemd-path search-binaries-default`
ExecStart=systemctl restart gitea.service --quiet

View File

@ -5,14 +5,14 @@ Type=exec
# In case the file exists, I can throw my own additional options there
EnvironmentFile=-/etc/gpsd.aminda.conf
# Kernel module possibly required for USB GPS devices especially with Chrony?
ExecStartPre=-/usr/sbin/modprobe pps_ldisc
ExecStartPre=-modprobe pps_ldisc
# Empty ExecStart= before the actual ExecStart= removes the original
# ExecStart= line
ExecStart=
# Maybe specify the GPS device in /etc/gpsd.aminda.conf instead?
ExecStart=/usr/sbin/gpsd --readonly --nowait --foreground $AMINDAGPSD
ExecStart=gpsd --readonly --nowait --foreground $AMINDAGPSD
# Missing from the original unit, will reconnect all GPS says man gpsd
ExecReload=/usr/bin/killall -HUP gpsd
ExecReload=killall -HUP gpsd
# Avoiding systemd considering the unit as failed.
Restart=always
RestartSec=5s

View File

@ -5,6 +5,7 @@ Requires=mullvad-daemon.service
After=mullvad-daemon.service
[Service]
ExecStartPre=/usr/bin/sleep 30
# Contained in `systemd-path search-binaries-default`
ExecStartPre=sleep 30
ExecStart=
ExecStart=/usr/bin/mullvad-exclude /usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
ExecStart=mullvad-exclude i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service

View File

@ -3,7 +3,8 @@ Description=Matterbridge mediarepo cleanup for things older than a week
[Service]
Type=oneshot
ExecStart=-/usr/bin/find /var/www/html/matterbridge -type f -cmin +10080 -delete
# Contained in `systemd-path search-binaries-default`
ExecStart=-find /var/www/html/matterbridge -type f -cmin +10080 -delete
User=matterbridge
StandardOutput=null
StandardError=null

View File

@ -3,4 +3,5 @@ Description=Matterbridge restarter
[Service]
Type=oneshot
ExecStart=/bin/systemctl restart matterbridge.service --quiet
# Contained in `systemd-path search-binaries-default`
ExecStart=systemctl restart matterbridge.service --quiet

View File

@ -4,7 +4,8 @@ Description=Monthly BTRFS full balancing
[Service]
Type=oneshot
TimeoutStartSec=infinity
ExecStart=/usr/sbin/btrfs balance start --full-balance /
# Contained in `systemd-path search-binaries-default`
ExecStart=btrfs balance start --full-balance /
User=root
StandardOutput=journal
StandardError=journal

View File

@ -1,3 +1,4 @@
[Service]
ExecStart=
ExecStart=/usr/bin/qbittorrent-nox --webui-port=8081
# Contained in `systemd-path search-binaries-default`
ExecStart=qbittorrent-nox --webui-port=8081

View File

@ -7,7 +7,8 @@ After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/reflector --protocol https --latest 30 --number 20 --sort rate --save /etc/pacman.d/mirrorlist
# Contained in `systemd-path search-binaries-default`
ExecStart=reflector --protocol https --latest 30 --number 20 --sort rate --save /etc/pacman.d/mirrorlist
[Install]
RequiredBy=multi-user.target

View File

@ -1,4 +1,4 @@
[Service]
ExecStart=
# Remember reflector --list-countries
ExecStart=/usr/bin/reflector --save /etc/pacman.d/mirrorlist --protocol https --country 'Finland,Sweden,Norway,Estonia,Germany' --latest 25 --sort rate
ExecStart=reflector --save /etc/pacman.d/mirrorlist --protocol https --country 'Finland,Sweden,Norway,Estonia,Germany' --latest 25 --sort rate

View File

@ -3,4 +3,5 @@ Requires=firewalld.service
After=firewalld.service
[Service]
ExecStartPost=/usr/bin/firewall-cmd --add-protocol=ipv6-icmp
# Contained in `systemd-path search-binaries-default`
ExecStartPost=firewall-cmd --add-protocol=ipv6-icmp

View File

@ -3,4 +3,5 @@ Requires=nordvpnd.service
After=nordvpnd.service
[Service]
ExecStartPre=/usr/bin/nordvpn connect p2p
# Contained in `systemd-path search-binaries-default`
ExecStartPre=nordvpn connect p2p

View File

@ -4,7 +4,8 @@ Description=Read /etc/sysctl.conf and /etc/sysctl.d/
[Service]
Type=oneshot
TimeoutStartSec=infinity
ExecStart=-/usr/sbin/sysctl -p --system
# Contained in `systemd-path search-binaries-default`
ExecStart=-sysctl -p --system
User=root
StandardOutput=journal
StandardError=journal

View File

@ -3,8 +3,9 @@ Description=Tor client
After=network.target
[Service]
ExecStart=/usr/bin/tor -f /etc/tor/torrc-client
ExecReload=/bin/kill -HUP $MAINPID
# Contained in `systemd-path search-binaries-default`
ExecStart=tor -f /etc/tor/torrc-client
ExecReload=kill -HUP $MAINPID
Restart=always
User=debian-tor

View File

@ -3,8 +3,9 @@ Description=Tor one hop onion service host
After=network.target
[Service]
ExecStart=/usr/bin/tor -f /etc/tor/torrc-onehoponion
ExecReload=/bin/kill -HUP $MAINPID
# Contained in `systemd-path search-binaries-default`
ExecStart=tor -f /etc/tor/torrc-onehoponion
ExecReload=kill -HUP $MAINPID
Restart=always
User=debian-tor

View File

@ -9,7 +9,8 @@ After=network.target mullvad-daemon.service
# Wait a ~minute before actually starting Yggdrasil so Mullvad has surely had
# time to start and thus not fail at excluding (cannot set the cgroup, no
# such file or directory)
#ExecStartPre=/usr/bin/sleep 45
#ExecStartPre=sleep 45
# Empty the main yggdrasil.service ExecStart line so it can be overwritten
ExecStart=
ExecStart=/usr/bin/mullvad-exclude /usr/bin/yggdrasil -useconffile /etc/yggdrasil.conf
# Contained in `systemd-path search-binaries-default`
ExecStart=mullvad-exclude yggdrasil -useconffile /etc/yggdrasil.conf