Mercurial > prosody-modules
view misc/systemd/prosody.service @ 5266:5943605201ca
mod_http_oauth2: Remove now unused code
Was apparently only used in revocation which now uses
get_request_credentials() directly
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 21 Mar 2023 22:23:28 +0100 |
parents | f8ecb4b248b0 |
children | bf5370a40a15 |
line wrap: on
line source
[Unit] ### see man systemd.unit Description=Prosody XMPP Server Documentation=https://prosody.im/doc [Service] ### See man systemd.service ### # With this configuration, systemd takes care of daemonization # so Prosody should be configured with daemonize = false Type=simple # Not sure if this is needed for 'simple' PIDFile=/var/run/prosody/prosody.pid # Start by executing the main executable ExecStart=/usr/bin/prosody ExecReload=/bin/kill -HUP $MAINPID # Restart on crashes Restart=on-abnormal # Set O_NONBLOCK flag on sockets passed via socket activation NonBlocking=true ### See man systemd.exec ### WorkingDirectory=/var/lib/prosody User=prosody Group=prosody Umask=0027 # Nice=0 # Set stdin to /dev/null since Prosody does not need it StandardInput=null # Direct stdout/-err to journald for use with log = "*stdout" StandardOutput=journal StandardError=inherit # This usually defaults to 4k or so # LimitNOFILE=1M ## Interesting protection methods # Finding a useful combo of these settings would be nice # # Needs read access to /etc/prosody for config # Needs write access to /var/lib/prosody for storing data (for internal storage) # Needs write access to /var/log/prosody for writing logs (depending on config) # Needs read access to code and libraries loaded # ReadWriteDirectories=/var/lib/prosody /var/log/prosody # InaccessibleDirectories=/boot /home /media /mnt /root /srv # ReadOnlyDirectories=/usr /etc/prosody # PrivateTmp=true # PrivateDevices=true # PrivateNetwork=false # ProtectSystem=full # ProtectHome=true # ProtectKernelTunables=true # ProtectControlGroups=true # SystemCallFilter= # This should break LuaJIT # MemoryDenyWriteExecute=true