authorMaxime “pep” Buquet2019-11-20 16:44:57 +0100
committerMaxime “pep” Buquet2019-11-20 16:44:57 +0100
commit9f6cd2251c1271ba841045bd274dccb76254dfa4 (patch)
tree0f6515d32867c4eb59468491dfdc89d4bac19063 /prosody.service
parent05a31ff6cbc6d6f1b441e77645325a8599f96f74 (diff)
downloadaur-9f6cd2251c12.tar.gz
Change unit file to use prosody directly and not prosodyctl
As recommended by upstream. Service file taken from their repo. Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Diffstat (limited to 'prosody.service')
-rw-r--r--prosody.service66
1 files changed, 62 insertions, 4 deletions
diff --git a/prosody.service b/prosody.service
index ba78f64bc9e5..fae82ab2f272 100644
--- a/prosody.service
+++ b/prosody.service
@@ -1,15 +1,73 @@
[Unit]
Description=XMPP (Jabber) Server
+Documentation=https://prosody.im/doc
After=network.target
[Service]
-Type=forking
-PIDFile=/run/prosody/prosody.pid
-ExecStart=/usr/bin/prosodyctl start
-ExecStop=/usr/bin/prosodyctl stop
+### See man systemd.service ###
+# With this configuration, systemd takes care of daemonization
+# so Prosody should be configured with daemonize = false
+Type=simple
+
+# Not sure if this is needed for 'simple'
+PIDFile=/var/run/prosody/prosody.pid
+
+# Start by executing the main executable
+ExecStart=/usr/bin/prosody
+
ExecReload=/bin/kill -HUP $MAINPID
+# Restart on crashes
+Restart=on-abnormal
+
+# Set O_NONBLOCK flag on sockets passed via socket activation
+NonBlocking=true
+
+### See man systemd.exec ###
+
+WorkingDirectory=/var/lib/prosody
+
+User=prosody
+Group=jabber
+
+Umask=0027
+
+# Nice=0
+
+# Set stdin to /dev/null since Prosody does not need it
+StandardInput=null
+
+# Direct stdout/-err to journald for use with log = "*stdout"
StandardOutput=journal
+StandardError=inherit
+
+# This usually defaults to 4k or so
+# LimitNOFILE=1M
+
+## Interesting protection methods
+# Finding a useful combo of these settings would be nice
+#
+# Needs read access to /etc/prosody for config
+# Needs write access to /var/lib/prosody for storing data (for internal storage)
+# Needs write access to /var/log/prosody for writing logs (depending on config)
+# Needs read access to code and libraries loaded
+
+# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
+# InaccessibleDirectories=/boot /home /media /mnt /root /srv
+# ReadOnlyDirectories=/usr /etc/prosody
+
+# PrivateTmp=true
+# PrivateDevices=true
+# PrivateNetwork=false
+
+# ProtectSystem=full
+# ProtectHome=true
+# ProtectKernelTunables=true
+# ProtectControlGroups=true
+# SystemCallFilter=
+
+# This should break LuaJIT
+# MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
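Review bot: `Umask=0027` in the systemd.exec block looks misspelled: the systemd setting is `UMask=`, and setting names are matched case-sensitively, so this line is most likely ignored with an unknown-key warning and the daemon keeps the default 0022 umask, meaning files it creates under /var/lib/prosody and /var/log/prosody may end up world-readable. Change it to `UMask=0027` and confirm with `systemd-analyze verify prosody.service`. Separately, every sandboxing option in the "Interesting protection methods" block is still commented out, so the unit has no filesystem confinement beyond `User=`/`Group=`; `PrivateTmp=true`, `ProtectHome=true` and `ProtectSystem=full` are the low-risk ones to enable first, and the `*Directories=` names are the legacy spellings of `ReadWritePaths=`, `InaccessiblePaths=` and `ReadOnlyPaths=`. `PIDFile=` is not needed with `Type=simple` and could be dropped rather than pointed at the legacy /var/run path.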