comparison misc/systemd/prosody.service @ 2351:f8ecb4b248b0

misc: An experimental systemd service file
author Kim Alvefur <zash@zash.se>
date Tue, 08 Nov 2016 00:09:06 +0100
parents
children bf5370a40a15
comparison
equal deleted inserted replaced
2350:67990e045d4f 2351:f8ecb4b248b0
1 [Unit]
2 ### see man systemd.unit
3 Description=Prosody XMPP Server
4 Documentation=https://prosody.im/doc
5
6 [Service]
7 ### See man systemd.service ###
8 # With this configuration, systemd takes care of daemonization
9 # so Prosody should be configured with daemonize = false
10 Type=simple
11
12 # Not sure if this is needed for 'simple'
13 PIDFile=/var/run/prosody/prosody.pid
14
15 # Start by executing the main executable
16 ExecStart=/usr/bin/prosody
17
18 ExecReload=/bin/kill -HUP $MAINPID
19
20 # Restart on crashes
21 Restart=on-abnormal
22
23 # Set O_NONBLOCK flag on sockets passed via socket activation
24 NonBlocking=true
25
26 ### See man systemd.exec ###
27
28 WorkingDirectory=/var/lib/prosody
29
30 User=prosody
31 Group=prosody
32
33 Umask=0027
34
35 # Nice=0
36
37 # Set stdin to /dev/null since Prosody does not need it
38 StandardInput=null
39
40 # Direct stdout/-err to journald for use with log = "*stdout"
41 StandardOutput=journal
42 StandardError=inherit
43
44 # This usually defaults to 4k or so
45 # LimitNOFILE=1M
46
47 ## Interesting protection methods
48 # Finding a useful combo of these settings would be nice
49 #
50 # Needs read access to /etc/prosody for config
51 # Needs write access to /var/lib/prosody for storing data (for internal storage)
52 # Needs write access to /var/log/prosody for writing logs (depending on config)
53 # Needs read access to code and libraries loaded
54
55 # ReadWriteDirectories=/var/lib/prosody /var/log/prosody
56 # InaccessibleDirectories=/boot /home /media /mnt /root /srv
57 # ReadOnlyDirectories=/usr /etc/prosody
58
59 # PrivateTmp=true
60 # PrivateDevices=true
61 # PrivateNetwork=false
62
63 # ProtectSystem=full
64 # ProtectHome=true
65 # ProtectKernelTunables=true
66 # ProtectControlGroups=true
67 # SystemCallFilter=
68
69 # This should break LuaJIT
70 # MemoryDenyWriteExecute=true
71
72