Mercurial > prosody-modules
view misc/systemd/prosody.service @ 2518:0e1054c19f9d
mod_firewall: More meta! Allow simple functions to be applied to $<> expressions
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sun, 19 Feb 2017 21:06:57 +0000 |
parents | f8ecb4b248b0 |
children | bf5370a40a15 |
line wrap: on
line source
[Unit] ### see man systemd.unit Description=Prosody XMPP Server Documentation=https://prosody.im/doc [Service] ### See man systemd.service ### # With this configuration, systemd takes care of daemonization # so Prosody should be configured with daemonize = false Type=simple # Not sure if this is needed for 'simple' PIDFile=/var/run/prosody/prosody.pid # Start by executing the main executable ExecStart=/usr/bin/prosody ExecReload=/bin/kill -HUP $MAINPID # Restart on crashes Restart=on-abnormal # Set O_NONBLOCK flag on sockets passed via socket activation NonBlocking=true ### See man systemd.exec ### WorkingDirectory=/var/lib/prosody User=prosody Group=prosody Umask=0027 # Nice=0 # Set stdin to /dev/null since Prosody does not need it StandardInput=null # Direct stdout/-err to journald for use with log = "*stdout" StandardOutput=journal StandardError=inherit # This usually defaults to 4k or so # LimitNOFILE=1M ## Interesting protection methods # Finding a useful combo of these settings would be nice # # Needs read access to /etc/prosody for config # Needs write access to /var/lib/prosody for storing data (for internal storage) # Needs write access to /var/log/prosody for writing logs (depending on config) # Needs read access to code and libraries loaded # ReadWriteDirectories=/var/lib/prosody /var/log/prosody # InaccessibleDirectories=/boot /home /media /mnt /root /srv # ReadOnlyDirectories=/usr /etc/prosody # PrivateTmp=true # PrivateDevices=true # PrivateNetwork=false # ProtectSystem=full # ProtectHome=true # ProtectKernelTunables=true # ProtectControlGroups=true # SystemCallFilter= # This should break LuaJIT # MemoryDenyWriteExecute=true