prosody-modules: misc/systemd/prosody.service@eb1c524a5150 (annotated)

5884 eb1c524a5150 misc/systemd: Add comment with link to our debian resources including systemd service file Kim Alvefur <zash@zash.se> parents: 5883 diff changeset	1	# This is an example service file. For some time there's now also one in used in our Debian releases at https://hg.prosody.im/debian/
eb1c524a5150 misc/systemd: Add comment with link to our debian resources including systemd service file Kim Alvefur <zash@zash.se> parents: 5883 diff changeset	2
2355 f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	3	[Unit]
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	4	### see man systemd.unit
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	5	Description=Prosody XMPP Server
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	6	Documentation=https://prosody.im/doc
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	7
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	8	[Service]
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	9	### See man systemd.service ###
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	10	# With this configuration, systemd takes care of daemonization
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	11	# so Prosody should be configured with daemonize = false
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	12	Type=simple
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	13
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	14	# Not sure if this is needed for 'simple'
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	15	PIDFile=/var/run/prosody/prosody.pid
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	16
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	17	# Start by executing the main executable
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	18	ExecStart=/usr/bin/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	19
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	20	ExecReload=/bin/kill -HUP $MAINPID
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	21
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	22	# Restart on crashes
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	23	Restart=on-abnormal
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	24
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	25	# Set O_NONBLOCK flag on sockets passed via socket activation
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	26	NonBlocking=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	27
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	28	### See man systemd.exec ###
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	29
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	30	WorkingDirectory=/var/lib/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	31
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	32	User=prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	33	Group=prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	34
5883 bf5370a40a15 misc/systemd: Fix typo Kim Alvefur <zash@zash.se> parents: 2355 diff changeset	35	UMask=0027
2355 f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	36
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	37	# Nice=0
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	38
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	39	# Set stdin to /dev/null since Prosody does not need it
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	40	StandardInput=null
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	41
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	42	# Direct stdout/-err to journald for use with log = "*stdout"
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	43	StandardOutput=journal
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	44	StandardError=inherit
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	45
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	46	# This usually defaults to 4k or so
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	47	# LimitNOFILE=1M
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	48
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	49	## Interesting protection methods
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	50	# Finding a useful combo of these settings would be nice
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	51	#
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	52	# Needs read access to /etc/prosody for config
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	53	# Needs write access to /var/lib/prosody for storing data (for internal storage)
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	54	# Needs write access to /var/log/prosody for writing logs (depending on config)
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	55	# Needs read access to code and libraries loaded
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	56
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	57	# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	58	# InaccessibleDirectories=/boot /home /media /mnt /root /srv
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	59	# ReadOnlyDirectories=/usr /etc/prosody
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	60
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	61	# PrivateTmp=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	62	# PrivateDevices=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	63	# PrivateNetwork=false
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	64
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	65	# ProtectSystem=full
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	66	# ProtectHome=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	67	# ProtectKernelTunables=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	68	# ProtectControlGroups=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	69	# SystemCallFilter=
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	70
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	71	# This should break LuaJIT
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	72	# MemoryDenyWriteExecute=true
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	73
f8ecb4b248b0 misc: An experimental systemd service file Kim Alvefur <zash@zash.se> parents: diff changeset	74

author	Kim Alvefur <zash@zash.se>
	Sat, 06 Apr 2024 17:55:23 +0200
changeset 5884	eb1c524a5150
parent 5883	bf5370a40a15
permissions	-rw-r--r--