Mercurial > prosody-modules
view misc/systemd/prosody.service @ 4298:020dd0a59f1f
mod_muc_markers: Add option for @id rewriting, default off (may break some clients)
XEP-0333 was updated to clarify that stanza-id should be used
instead of the 'id' attribute when in a MUC. Some clients still
use the id attribute, which is why we were rewriting it.
Rewriting is bad because mod_muc advertises stable_id, indicating
that Prosody does *not* rewrite ids. Recent versions of Conversations
actually depend on this being true.
All clients should migrate to using stanza-id for markers. See XEP-0333.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 14 Dec 2020 12:09:25 +0000 |
parents | f8ecb4b248b0 |
children | bf5370a40a15 |
line wrap: on
line source
[Unit] ### see man systemd.unit Description=Prosody XMPP Server Documentation=https://prosody.im/doc [Service] ### See man systemd.service ### # With this configuration, systemd takes care of daemonization # so Prosody should be configured with daemonize = false Type=simple # Not sure if this is needed for 'simple' PIDFile=/var/run/prosody/prosody.pid # Start by executing the main executable ExecStart=/usr/bin/prosody ExecReload=/bin/kill -HUP $MAINPID # Restart on crashes Restart=on-abnormal # Set O_NONBLOCK flag on sockets passed via socket activation NonBlocking=true ### See man systemd.exec ### WorkingDirectory=/var/lib/prosody User=prosody Group=prosody Umask=0027 # Nice=0 # Set stdin to /dev/null since Prosody does not need it StandardInput=null # Direct stdout/-err to journald for use with log = "*stdout" StandardOutput=journal StandardError=inherit # This usually defaults to 4k or so # LimitNOFILE=1M ## Interesting protection methods # Finding a useful combo of these settings would be nice # # Needs read access to /etc/prosody for config # Needs write access to /var/lib/prosody for storing data (for internal storage) # Needs write access to /var/log/prosody for writing logs (depending on config) # Needs read access to code and libraries loaded # ReadWriteDirectories=/var/lib/prosody /var/log/prosody # InaccessibleDirectories=/boot /home /media /mnt /root /srv # ReadOnlyDirectories=/usr /etc/prosody # PrivateTmp=true # PrivateDevices=true # PrivateNetwork=false # ProtectSystem=full # ProtectHome=true # ProtectKernelTunables=true # ProtectControlGroups=true # SystemCallFilter= # This should break LuaJIT # MemoryDenyWriteExecute=true