commit 92e226c425bdadb155f653ae334a4fb7e92f92b9 (tree)
parent 0bebf4f23f92cf2dd6a0f3d3f3b9e642a0976780
Author: Motiejus Jakštys <desired.mta@gmail.com>
Date: Sat, 18 Apr 2020 23:03:04 +0300
wip systemd-nspawn@hass.service
Diffstat:
3 files changed, 20 insertions(+), 27 deletions(-)
diff --git a/root/rpi4b/etc/systemd/nspawn/hass.nspawn b/root/rpi4b/etc/systemd/nspawn/hass.nspawn
@@ -0,0 +1,12 @@
+[Exec]
+Environment=S6_READ_ONLY_ROOT=1
+PrivateUsers=false
+
+[Files]
+ReadOnly=true
+Bind=/bigdisk/hass2:/config
+TemporaryFileSystem=/var
+TemporaryFileSystem=/run
+
+[Network]
+Interface=eth0.3
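Review bot: `PrivateUsers=false` in `[Exec]` switches user namespacing off, so UID 0 inside the container is UID 0 on the host. The `Bind=/bigdisk/hass2:/config` line in `[Files]` is also read-write, where the removed hass2.service mounted its config with `:ro`. If the container does not need to write to /config, use `BindReadOnly=/bigdisk/hass2:/config`. If it does, either drop the `PrivateUsers=false` line so the template unit's default applies (presumably `-U`; the template is not visible here), or add a comment above it such as `# host-root mapping needed because ...`. The old unit's `MemoryLimit=2G` has no counterpart in this file, so the memory cap would need a drop-in on the nspawn service if it is still wanted.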
diff --git a/root/rpi4b/etc/systemd/system/hass2.service b/root/rpi4b/etc/systemd/system/hass2.service
@@ -1,27 +0,0 @@
-[Unit]
-Description=Home Assistant
-Requires=network-online.target var-lib-containers.mount
-After=network-online.target var-lib-containers.mount mosquitto.service sys-subsystem-net-devices-eth0.3.device
-Requires=mosquitto.service sys-subsystem-net-devices-eth0.3.device
-
-[Service]
-Slice=machine.slice
-MemoryLimit=2G
-ExecStart=/docker2root_entrypoint.sh
-ExecStartPost=/docker2root_cmd.sh
-KillMode=mixed
-Restart=always
-
-# Hardening
-RootDirectory=/bigdisk/containers2/homeassistant/home-assistant:0.107.7
-ProtectSystem=strict
-MountAPIVFS=true
-TemporaryFileSystem=/var
-BindPaths=/bigdisk/hass:/config:ro
-Environment=S6_READ_ONLY_ROOT=1
-PrivateNetwork=true
-#DynamicUser=true
-#PrivateUsers=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/root/rpi4b/etc/systemd/system/var-lib-machines.mount b/root/rpi4b/etc/systemd/system/var-lib-machines.mount
@@ -0,0 +1,8 @@
+[Unit]
+Description=var-lib-machines on bigdisk
+
+[Mount]
+What=/dev/disk/by-uuid/2693cfea-2c8d-498b-a8bd-78fb986d5504
+Where=/var/lib/machines
+Type=btrfs
+Options=subvol=machines,defaults
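Review bot: Once this unit mounts the `machines` subvolume on /var/lib/machines, the directory takes its owner and mode from the subvolume root rather than from the original mount point, and nothing in the unit records what they must be. Because hass.nspawn sets `PrivateUsers=false`, the container tree holds files owned by real root, including any setuid binaries, so unprivileged host users should not be able to traverse it. Consider a comment above `What=` such as `# subvolume root must be root:root 0700`, and check that on the disk. `defaults` in `Options=` is redundant next to `subvol=machines` and can be dropped.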