Mercurial > prosody-modules
view misc/systemd/prosody.service @ 3424:6ae875c98daf
mod_atom: Check whether user exists
This is in order to prevent creation of PEP service objects for
non-existant users.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 03 Jan 2019 11:39:28 +0100 |
parents | f8ecb4b248b0 |
children | bf5370a40a15 |
line wrap: on
line source
[Unit] ### see man systemd.unit Description=Prosody XMPP Server Documentation=https://prosody.im/doc [Service] ### See man systemd.service ### # With this configuration, systemd takes care of daemonization # so Prosody should be configured with daemonize = false Type=simple # Not sure if this is needed for 'simple' PIDFile=/var/run/prosody/prosody.pid # Start by executing the main executable ExecStart=/usr/bin/prosody ExecReload=/bin/kill -HUP $MAINPID # Restart on crashes Restart=on-abnormal # Set O_NONBLOCK flag on sockets passed via socket activation NonBlocking=true ### See man systemd.exec ### WorkingDirectory=/var/lib/prosody User=prosody Group=prosody Umask=0027 # Nice=0 # Set stdin to /dev/null since Prosody does not need it StandardInput=null # Direct stdout/-err to journald for use with log = "*stdout" StandardOutput=journal StandardError=inherit # This usually defaults to 4k or so # LimitNOFILE=1M ## Interesting protection methods # Finding a useful combo of these settings would be nice # # Needs read access to /etc/prosody for config # Needs write access to /var/lib/prosody for storing data (for internal storage) # Needs write access to /var/log/prosody for writing logs (depending on config) # Needs read access to code and libraries loaded # ReadWriteDirectories=/var/lib/prosody /var/log/prosody # InaccessibleDirectories=/boot /home /media /mnt /root /srv # ReadOnlyDirectories=/usr /etc/prosody # PrivateTmp=true # PrivateDevices=true # PrivateNetwork=false # ProtectSystem=full # ProtectHome=true # ProtectKernelTunables=true # ProtectControlGroups=true # SystemCallFilter= # This should break LuaJIT # MemoryDenyWriteExecute=true