Initial

1 files changed, 46 insertions, 0 deletions

diff --git a/postgresql.service b/postgresql.service
new file mode 100644
index 000000000000..eaa43f9b1245
--- /dev/null
+++ b/postgresql.service
@@ -0,0 +1,46 @@
+[Unit]
+Description=PostgreSQL 14 database server
+After=network.target
+
+[Service]
+Type=notify
+TimeoutSec=120
+User=postgres
+Group=postgres
+
+Environment=PGROOT=/var/lib/postgres
+Environment=PATH=/opt/postgresql14/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+Environment=LD_LIBRARY_PATH=/opt/postgresql14/lib
+
+SyslogIdentifier=postgres
+PIDFile=/var/lib/postgres/data14/postmaster.pid
+RuntimeDirectory=postgresql
+RuntimeDirectoryMode=755
+
+ExecStartPre=/opt/postgresql14/bin/postgresql-check-db-dir ${PGROOT}/data14
+ExecStart=/opt/postgresql14/bin/postgres -D ${PGROOT}/data14
+ExecStartPost=/usr/bin/echo "Before using, source /opt/postgresql14/bin/pgenv.sh to set PostgreSQL environment"
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillMode=mixed
+KillSignal=SIGINT
+
+# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
+# killing Postgres, so adjust it downward
+OOMScoreAdjust=-200
+
+# Additional security-related features
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target