A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Some of these practices might be based on wrong assumptions and I'm not aware of it, so I would appreciate any feedback.
avoiding some dependency conflicts:
~/.sbt/{0.13,1.0}/plugins/plugins.sbt
undeclaredCompileDependencies
and make the obvious missing dependencies explicit by adding them to libraryDependencies
of each sub-projectunusedCompileDependencies
and remove some obvious unused libraries. This has false positives, so ; reload; Test/compile
after each change and ultimately run all tests to see that it didn't break anythingundeclaredCompileDependenciesTest
to the CI pipeline, so that it will fail if you have some undeclared dependencieskeeping dependencies up to date and resolving conflicts: