misc/systemd/prosody.service
author Kim Alvefur <zash@zash.se>
Sat, 06 Apr 2024 17:51:29 +0200
changeset 5883 bf5370a40a15
parent 2355 f8ecb4b248b0
child 5884 eb1c524a5150
permissions -rw-r--r--
misc/systemd: Fix typo Is this worth keeping? We also have a .service file in the debian repo?
[Unit]
### see man systemd.unit
Description=Prosody XMPP Server
Documentation=https://prosody.im/doc
[Service]
### See man systemd.service ###
# With this configuration, systemd takes care of daemonization
# so Prosody should be configured with daemonize = false
Type=simple
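# Probably not needed for 'simple': systemd already treats the process started
# by ExecStart= as the main process; PIDFile= is intended for Type=forking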
PIDFile=/var/run/prosody/prosody.pid
# Start by executing the main executable
ExecStart=/usr/bin/prosody
ExecReload=/bin/kill -HUP $MAINPID
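# Restart on crashes: on-abnormal covers unclean signals, timeouts and watchdog
# expiry, but not a plain non-zero exit status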
Restart=on-abnormal
# Set O_NONBLOCK flag on sockets passed via socket activation
NonBlocking=true
### See man systemd.exec ###
WorkingDirectory=/var/lib/prosody
User=prosody
Group=prosody
UMask=0027
# Nice=0
# Set stdin to /dev/null since Prosody does not need it
StandardInput=null
# Direct stdout/-err to journald for use with log = "*stdout"
StandardOutput=journal
StandardError=inherit
# Maximum number of open file descriptors; this usually defaults to 4k or so
# LimitNOFILE=1M
## Interesting protection methods
# Finding a useful combo of these settings would be nice; everything below is
# commented out, so none of these protections is enforced by this file as is
#
# Needs read access to /etc/prosody for config
# Needs write access to /var/lib/prosody for storing data (for internal storage)
# Needs write access to /var/log/prosody for writing logs (depending on config)
# Needs read access to code and libraries loaded
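# (current systemd documents the next three settings as ReadWritePaths=,
# InaccessiblePaths= and ReadOnlyPaths=)
# ReadWriteDirectories=/var/lib/prosody /var/log/prosody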
# InaccessibleDirectories=/boot /home /media /mnt /root /srv
# ReadOnlyDirectories=/usr /etc/prosody
# PrivateTmp=true
# PrivateDevices=true
# PrivateNetwork=false
# ProtectSystem=full
# ProtectHome=true
# ProtectKernelTunables=true
# ProtectControlGroups=true
# SystemCallFilter=
# This should break LuaJIT (a JIT has to make generated code executable at run time)
# MemoryDenyWriteExecute=true