	Further enhance systemd unit file
- Add more comments/documentation. - Add dependencies for services and proxy scanners. - Add more limit configurations. - Allow AF_UNIX address family, required for syslog!
		| @@ -1,24 +1,40 @@ | ||||
| # ngIRCd systemd service unit. | ||||
| # See systemd(1), systemd.unit(5), systemd.service(5), systemd.exec(5). | ||||
|  | ||||
| [Unit] | ||||
| Description=Next Generation IRC Daemon | ||||
| Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de | ||||
| After=network.target | ||||
| Wants=anope.service atheme.service irc-services.service | ||||
| Wants=bopm.service | ||||
| Before=anope.service atheme.service irc-services.service | ||||
| Before=bopm.service | ||||
|  | ||||
| [Service] | ||||
| Type=forking | ||||
| User=irc | ||||
| Group=irc | ||||
| # Settings & limits: | ||||
| CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE | ||||
| PrivateTmp=yes | ||||
| MemoryDenyWriteExecute=yes | ||||
| NoNewPrivileges=yes | ||||
| PrivateDevices=yes | ||||
| PrivateTmp=yes | ||||
| ProtectControlGroups=yes | ||||
| ProtectHome=yes | ||||
| ProtectKernelModules=yes | ||||
| ProtectKernelTunables=yes | ||||
| ProtectSystem=full | ||||
| ProtectHome=true | ||||
| NoNewPrivileges=true | ||||
| RestrictAddressFamilies=AF_INET AF_INET6 | ||||
| RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX | ||||
| RestrictRealtime=yes | ||||
| RuntimeDirectory=ircd | ||||
| RuntimeDirectoryMode=750 | ||||
| # Try to load "default files" from any Debian package variant to keep this | ||||
| # unit generic. | ||||
| EnvironmentFile=-/etc/default/ngircd | ||||
| EnvironmentFile=-/etc/default/ngircd-full | ||||
| EnvironmentFile=-/etc/default/ngircd-full-dbg | ||||
| # Start ngIRCd. Note: systemd doesn't allow to use $DAEMON here! | ||||
| ExecStart=/usr/sbin/ngircd $PARAMS | ||||
| ExecReload=/bin/kill -HUP $MAINPID | ||||
| Restart=on-failure | ||||
|   | ||||
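Review bot: `CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE` sits next to `User=irc` and `NoNewPrivileges=yes`, and the unit has no `AmbientCapabilities=` line, so the process started as `irc` most likely holds neither capability: systemd drops capabilities when it switches to a non-root user, and the bounding set only caps what could be acquired later. If ngircd is not expected to chroot or bind ports below 1024 under this unit, the tighter setting is an empty `CapabilityBoundingSet=`. If it is expected to, the unit needs a matching `AmbientCapabilities=` line limited to the one capability actually used, with a comment saying why it is granted. The rendered page has lost its +/- markers, so this assumes the line belongs to the new unit rather than to the removed side.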
	 Alexander Barton
					Alexander Barton