author | Avi H.D. | 2025-04-09 22:36:24 +0530 |
---|---|---|
committer | Avi H.D. | 2025-04-09 22:36:24 +0530 |
commit | b78d59ce1edc9be98ea5b9d4bc777202df99aaf7 (patch) | |
tree | 5e9687f42d925a442472755033c541ea98379f7d /ntripcaster.service | |
parent | b14267031fbab46dc7b104a6151d3a714aa60514 (diff) | |
download | aur-ntripcaster.tar.gz |
Add ntrip user and our own service unit
Diffstat (limited to 'ntripcaster.service')
-rw-r--r-- | ntripcaster.service | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/ntripcaster.service b/ntripcaster.service
new file mode 100644
index 000000000000..d879f8252764
--- /dev/null
+++ b/ntripcaster.service
@@ -0,0 +1,73 @@
+[Unit]
+Description=ntripcaster daemon
+Documentation=https://igs.bkg.bund.de/ntrip/bkgcaster/
+After=network.target
+Wants=network.target
+
+[Service]
+Type=forking
+KillMode=process
+WorkingDirectory=/etc/ntripcaster/
+#ExecStartPre=/bin/sh -c 'mkdir -p /var/log/ntripcaster /etc/ntripcaster >/dev/null 2>&1'
+ExecStart=/usr/bin/ntripdaemon -d /etc/ntripcaster -b
+PIDFile=/run/ntripcaster/caster.pid
+
+WatchdogSec=15
+NotifyAccess=all
+
+Restart=always
+RestartSec=5
+
+TimeoutStopFailureMode=kill
+TimeoutStopSec=15
+
+User=ntrip
+Group=ntrip
+
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+
+RootDirectory=/usr/share/ntripcaster
+ProtectSystem=strict
+ProtectHome=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectClock=true
+PrivateTmp=true
+PrivateDevices=true
+DeviceAllow=char-rtc:rw:rwm
+NotifyAccess=main
+UMask=0077
+ReadWritePaths=/run/ntripcaster /var/log/ntripcaster
+
+RemoveIPC=true
+PrivateUsers=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+LockPersonality=true
+ProtectHostname=true
+ProtectProc=invisible
+ProcSubset=pid
+PrivateMounts=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+SystemCallFilter=~@privileged
+SystemCallArchitectures=native
+
+IPAddressDeny=any
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+PrivateNetwork=true
+
+
+# If executed as normal user you may have to increase some limits
+# Number of open file descriptors
+#LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target |
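Review bot: `PrivateNetwork=true` combined with `IPAddressDeny=any` (and no `IPAddressAllow=`) leaves the caster with only a private loopback interface and all IP traffic denied, so a daemon meant to accept NTRIP client connections is unreachable unless a socket unit not shown in this commit hands it a listener. The adjacent `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` suggests network access was intended. A sandbox that breaks the service tends to be deleted wholesale rather than tuned, so I would drop `PrivateNetwork=true` and either remove `IPAddressDeny=any` or pair it with an explicit `IPAddressAllow=<expected client ranges>`. Separately, `NotifyAccess=` is set twice (`all`, then `main`; the later assignment wins), and `WatchdogSec=15` with `Restart=always` will have systemd restart the daemon roughly every 15 seconds unless ntripdaemon sends watchdog keep-alives, which nothing visible here confirms.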