blob: 311bc0d8950dd76d84e2c84d7a5d48fb55577c48 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# ngIRCd systemd service unit.
# See systemd(1), systemd.unit(5), systemd.service(5), systemd.exec(5).
[Unit]
Description=Next Generation IRC Daemon
Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
After=network.target
Wants=anope.service atheme.service irc-services.service
Wants=bopm.service hopm.service
Before=anope.service atheme.service irc-services.service
Before=bopm.service hopm.service
[Service]
Type=notify
User=irc
Group=irc
# Settings & limits:
CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictRealtime=yes
RuntimeDirectory=ircd
RuntimeDirectoryMode=750
StandardError=journal
StandardOutput=journal
# Try to load "default files" from any Debian package variant to keep this
# unit generic.
EnvironmentFile=-/etc/default/ngircd
EnvironmentFile=-/etc/default/ngircd-full
EnvironmentFile=-/etc/default/ngircd-full-dbg
# Start ngIRCd. Note: systemd doesn't allow to use $DAEMON here!
ExecStart=/usr/sbin/ngircd --nodaemon --syslog $PARAMS
ExecReload=/bin/kill -HUP $MAINPID
# Error handling:
# ngIRCd tries to "ping" the service manager every 3 seconds.
WatchdogSec=10
Restart=on-failure
[Install]
WantedBy=multi-user.target
|
