initial commit

1 files changed, 36 insertions, 0 deletions

diff --git a/wesnothd-1.14.service b/wesnothd-1.14.service
new file mode 100644
index 000000000000..7ecad8524a02
--- /dev/null
+++ b/wesnothd-1.14.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Wesnoth-1.14 Server Daemon
+Documentation=https://www.wesnoth.org/wiki/ServerAdministration
+Documentation=man:wesnoth-1.14(6)
+After=network.target
+# They use by default the same port
+Conflicts=wesnothd.service wesnothd-1.0.service wesnothd-1.2.service wesnothd-1.4.service wesnothd-1.6.service wesnothd-1.8.service wesnothd-1.10.service wesnothd-1.12.service wesnothd-devel.service wesnothd-git.service
+
+[Service]
+ExecStart=/usr/bin/wesnothd-1.14 -t 2 -T 5
+# you can use -c to specify the same configuration file
+# which is used when starting wensothd from the wesnoth UI
+# (and make sure wesnothd has the required access permissions)
+
+SyslogIdentifier=Wesnothd-1.14
+User=nobody
+Group=nobody
+ExecStopPost=/usr/bin/rm -f /run/wesnothd-1.14/socket
+
+# Additional security-related features
+ProtectSystem=yes
+PrivateTmp=yes
+PrivateDevices=yes
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_INET
+RestrictRealtime=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+RestrictNamespaces=yes
+LockPersonality=yes
+
+[Install]
+WantedBy=multi-user.target