prosody-modules: misc/systemd/prosody.service annotate

annotate misc/systemd/prosody.service @ 5593:6d0574bfbf5d

mod_client_management: Include software version in table (when known) Showing software versions could be useful for statistical reasons, e.g. determining how quickly (or not) users upgrade, but most importantly for revoking vulnerable clients versions in case of a security issue.

author	Kim Alvefur <zash@zash.se>
date	Thu, 13 Jul 2023 23:26:02 +0200
parents	f8ecb4b248b0
children	bf5370a40a15

rev	line source
2351 f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	1 [Unit]
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	2 ### see man systemd.unit
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	3 Description=Prosody XMPP Server
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	4 Documentation=https://prosody.im/doc
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	5
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	6 [Service]
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	7 ### See man systemd.service ###
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	8 # With this configuration, systemd takes care of daemonization
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	9 # so Prosody should be configured with daemonize = false
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	10 Type=simple
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	11
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	12 # Not sure if this is needed for 'simple'
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	13 PIDFile=/var/run/prosody/prosody.pid
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	14
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	15 # Start by executing the main executable
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	16 ExecStart=/usr/bin/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	17
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	18 ExecReload=/bin/kill -HUP $MAINPID
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	19
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	20 # Restart on crashes
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	21 Restart=on-abnormal
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	22
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	23 # Set O_NONBLOCK flag on sockets passed via socket activation
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	24 NonBlocking=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	25
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	26 ### See man systemd.exec ###
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	27
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	28 WorkingDirectory=/var/lib/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	29
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	30 User=prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	31 Group=prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	32
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	33 Umask=0027
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	34
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	35 # Nice=0
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	36
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	37 # Set stdin to /dev/null since Prosody does not need it
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	38 StandardInput=null
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	39
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	40 # Direct stdout/-err to journald for use with log = "*stdout"
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	41 StandardOutput=journal
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	42 StandardError=inherit
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	43
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	44 # This usually defaults to 4k or so
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	45 # LimitNOFILE=1M
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	46
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	47 ## Interesting protection methods
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	48 # Finding a useful combo of these settings would be nice
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	49 #
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	50 # Needs read access to /etc/prosody for config
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	51 # Needs write access to /var/lib/prosody for storing data (for internal storage)
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	52 # Needs write access to /var/log/prosody for writing logs (depending on config)
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	53 # Needs read access to code and libraries loaded
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	54
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	55 # ReadWriteDirectories=/var/lib/prosody /var/log/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	56 # InaccessibleDirectories=/boot /home /media /mnt /root /srv
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	57 # ReadOnlyDirectories=/usr /etc/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	58
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	59 # PrivateTmp=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	60 # PrivateDevices=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	61 # PrivateNetwork=false
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	62
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	63 # ProtectSystem=full
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	64 # ProtectHome=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	65 # ProtectKernelTunables=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	66 # ProtectControlGroups=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	67 # SystemCallFilter=
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	68
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	69 # This should break LuaJIT
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	70 # MemoryDenyWriteExecute=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	71
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	72

Mercurial > prosody-modules

annotate misc/systemd/prosody.service @ 5593:6d0574bfbf5d