74 lines
1.7 KiB
Desktop File
74 lines
1.7 KiB
Desktop File
# This variant of the unit file is for local installations that are installed with `make install`.
|
|
#
|
|
# The relevant paths are:
|
|
#
|
|
#/usr/local/bin/dogecoind
|
|
#/usr/local/etc/dogecoin/
|
|
#/var/local/dogecoin/
|
|
|
|
[Unit]
|
|
Description=Dogecoin's distributed currency daemon
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
ExecStart=/usr/local/bin/dogecoind -conf=/usr/local/etc/dogecoin/dogecoin.conf -datadir=/var/local/dogecoin
|
|
|
|
KillSignal=SIGINT
|
|
Restart=always
|
|
RestartSec=5
|
|
TimeoutStopSec=60
|
|
TimeoutStartSec=5
|
|
StartLimitIntervalSec=120
|
|
StartLimitBurst=5
|
|
|
|
User=dogecoin
|
|
Group=dogecoin
|
|
|
|
### Restrict resource consumption
|
|
MemoryAccounting=yes
|
|
MemoryLimit=3g
|
|
|
|
### Restrict access to host file system.
|
|
#
|
|
# Hide the entire root file system by default, and *only* mount in exactly what is needed.
|
|
#
|
|
|
|
TemporaryFileSystem=/:ro
|
|
|
|
# Add core dependencies
|
|
BindReadOnlyPaths=/etc/ /lib/ /lib64/
|
|
|
|
# Add daemon paths
|
|
BindReadOnlyPaths=/usr/local/bin/dogecoind /usr/local/etc/dogecoin/
|
|
BindPaths=/var/local/dogecoin/
|
|
|
|
### Restrict access to system.
|
|
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
PrivateUsers=true
|
|
DevicePolicy=closed
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectControlGroups=true
|
|
ProtectClock=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelLogs=true
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
MemoryDenyWriteExecute=true
|
|
LockPersonality=true
|
|
|
|
# ProtectSystem=strict would normally be used, however it nullifies TemporaryFileSystem,
|
|
# since it remounts root as read only over the top.
|
|
# In this case, do not enable ProtectSystem.
|
|
#ProtectSystem=strict
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|