maxmustermann
/
dogecoin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
dogecoin/contrib/init/dogecoind.opt.service

75 lines
1.7 KiB
Desktop File
Raw Blame History

# This variant of the unit file is for "opt" add-on installations that do not form part of the default installation.
# (i.e. out of band installations by the user, not installed by a system package manager like "apt")
#
# The relevant paths are:
#
#/opt/dogecoin/dogecoind
#/etc/opt/dogecoin/
#/var/opt/dogecoin/
[Unit]
Description=Dogecoin's distributed currency daemon
After=network.target
[Service]
Type=simple
ExecStart=/opt/dogecoin/bin/dogecoind -conf=/etc/opt/dogecoin/dogecoin.conf -datadir=/var/opt/dogecoin
KillSignal=SIGINT
Restart=always
RestartSec=5
TimeoutStopSec=60
TimeoutStartSec=5
StartLimitIntervalSec=120
StartLimitBurst=5
User=dogecoin
Group=dogecoin
### Restrict resource consumption
MemoryAccounting=yes
MemoryLimit=3g
### Restrict access to host file system.
#
# Hide the entire root file system by default, and *only* mount in exactly what is needed.
#
TemporaryFileSystem=/:ro
# Add core dependencies
BindReadOnlyPaths=/etc/ /lib/ /lib64/
# Add daemon paths
BindReadOnlyPaths=/opt/dogecoin/ /etc/opt/dogecoin/
BindPaths=/var/opt/dogecoin/
### Restrict access to system.
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
DevicePolicy=closed
ProtectHome=true
ProtectHostname=true
ProtectControlGroups=true
ProtectClock=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
MemoryDenyWriteExecute=true
LockPersonality=true
# ProtectSystem=strict would normally be used, however it nullifies TemporaryFileSystem,
# since it remounts root as read only over the top.
# In this case, do not enable ProtectSystem.
#ProtectSystem=strict
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink