Mercurial > prosody-modules
comparison misc/systemd/prosody.service @ 2351:f8ecb4b248b0
misc: An experimental systemd service file
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 08 Nov 2016 00:09:06 +0100 |
| parents | |
| children | bf5370a40a15 |
comparison
equal
deleted
inserted
replaced
| 2350:67990e045d4f | 2351:f8ecb4b248b0 |
|---|---|
| 1 [Unit] | |
| 2 ### see man systemd.unit | |
| 3 Description=Prosody XMPP Server | |
| 4 Documentation=https://prosody.im/doc | |
| 5 | |
| 6 [Service] | |
| 7 ### See man systemd.service ### | |
| 8 # With this configuration, systemd takes care of daemonization | |
| 9 # so Prosody should be configured with daemonize = false | |
| 10 Type=simple | |
| 11 | |
| 12 # Not sure if this is needed for 'simple' | |
| 13 PIDFile=/var/run/prosody/prosody.pid | |
| 14 | |
| 15 # Start by executing the main executable | |
| 16 ExecStart=/usr/bin/prosody | |
| 17 | |
| 18 ExecReload=/bin/kill -HUP $MAINPID | |
| 19 | |
| 20 # Restart on crashes | |
| 21 Restart=on-abnormal | |
| 22 | |
| 23 # Set O_NONBLOCK flag on sockets passed via socket activation | |
| 24 NonBlocking=true | |
| 25 | |
| 26 ### See man systemd.exec ### | |
| 27 | |
| 28 WorkingDirectory=/var/lib/prosody | |
| 29 | |
| 30 User=prosody | |
| 31 Group=prosody | |
| 32 | |
| 33 Umask=0027 | |
| 34 | |
| 35 # Nice=0 | |
| 36 | |
| 37 # Set stdin to /dev/null since Prosody does not need it | |
| 38 StandardInput=null | |
| 39 | |
| 40 # Direct stdout/-err to journald for use with log = "*stdout" | |
| 41 StandardOutput=journal | |
| 42 StandardError=inherit | |
| 43 | |
| 44 # This usually defaults to 4k or so | |
| 45 # LimitNOFILE=1M | |
| 46 | |
| 47 ## Interesting protection methods | |
| 48 # Finding a useful combo of these settings would be nice | |
| 49 # | |
| 50 # Needs read access to /etc/prosody for config | |
| 51 # Needs write access to /var/lib/prosody for storing data (for internal storage) | |
| 52 # Needs write access to /var/log/prosody for writing logs (depending on config) | |
| 53 # Needs read access to code and libraries loaded | |
| 54 | |
| 55 # ReadWriteDirectories=/var/lib/prosody /var/log/prosody | |
| 56 # InaccessibleDirectories=/boot /home /media /mnt /root /srv | |
| 57 # ReadOnlyDirectories=/usr /etc/prosody | |
| 58 | |
| 59 # PrivateTmp=true | |
| 60 # PrivateDevices=true | |
| 61 # PrivateNetwork=false | |
| 62 | |
| 63 # ProtectSystem=full | |
| 64 # ProtectHome=true | |
| 65 # ProtectKernelTunables=true | |
| 66 # ProtectControlGroups=true | |
| 67 # SystemCallFilter= | |
| 68 | |
| 69 # This should break LuaJIT | |
| 70 # MemoryDenyWriteExecute=true | |
| 71 | |
| 72 |