···

       
21
       
21
       
 
       
      description = "Disable kernel module loading";

     

       
22
       
22
       
 
       


     

       
23
       
23
       
 
       
      wantedBy = [ config.systemd.defaultUnit ];

     

       
24
       
24
       
-
       
      after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy;

     

       
25
       
24
       
 
       


     

       
26
       
26
       
-
       
      script = "echo -n 1 > /proc/sys/kernel/modules_disabled";

     

       
25
       
25
       
+
       
      after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy;

     

       
27
       
26
       
 
       


     

       
28
       
27
       
 
       
      unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel";

     

       
29
       
28
       
 
       


     

       
30
       
29
       
 
       
      serviceConfig = {

     

       
31
       
30
       
 
       
        Type = "oneshot";

     

       
32
       
31
       
 
       
        RemainAfterExit = true;

     

       
32
       
32
       
+
       
        ExecStart = "/bin/sh -c 'echo -n 1 >/proc/sys/kernel/modules_disabled'";

     

       
33
       
33
       
 
       
      };

     

       
34
       
34
       
 
       
    };

     

       
35
       
35
       
 
       
  };