summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO2
-rw-r--r--PKGBUILD15
-rw-r--r--prosody.install3
-rw-r--r--prosody.service66
4 files changed, 67 insertions, 19 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 0896cff26f68..c2eeb9b59f78 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -32,7 +32,7 @@ pkgbase = prosody-hg
sha256sums = SKIP
sha256sums = f8612ba5d92fdae8fffe826b3248452d25315af15b1c8f1874f68bbfaeaab055
sha256sums = e5c30ffbb066f0ed3444475b3313490c535d8c9df018726f6cecf9e3ddfd2e48
- sha256sums = af4ce76ae0a8773429eac53c72f1b87c8fa59c63acf003450f75dcb73131a21c
+ sha256sums = f2ba8da777d660361a4fbe5d80e8e5855e07052ad67d7534413d39b4cbddaa1d
pkgname = prosody-hg
diff --git a/PKGBUILD b/PKGBUILD
index f3b91e206dd1..84044a40b191 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -48,19 +48,6 @@ prepare() {
sed -i s/"error = "/"-- error = "/g prosody.cfg.lua.dist
sed -i s/"--\ \"\*syslog\"\;"/"\"*syslog\"\;"/g prosody.cfg.lua.dist
-
- # add pidfile and daemonize
- # daemonize is important for systemd!
- mv prosody.cfg.lua.dist prosody.cfg.lua.old
-
- echo --Important for systemd >> prosody.cfg.lua.dist
- echo -- daemonize is important for systemd. if you set this to false the systemd startup will freeze. >> prosody.cfg.lua.dist
- echo daemonize = true >> prosody.cfg.lua.dist
- echo 'pidfile = "/run/prosody/prosody.pid"'>> prosody.cfg.lua.dist
- echo "" >> prosody.cfg.lua.dist
- cat prosody.cfg.lua.old >> prosody.cfg.lua.dist
- rm prosody.cfg.lua.old
-
./configure --ostype=linux --prefix=/usr --sysconfdir=/etc/prosody \
--datadir=/var/lib/prosody --with-lua-include=/usr/include/lua5.2 \
--cflags="${CFLAGS} -fPIC -Wall -Wextra -D_GNU_SOURCE" \
@@ -102,4 +89,4 @@ package() {
sha256sums=('SKIP'
'f8612ba5d92fdae8fffe826b3248452d25315af15b1c8f1874f68bbfaeaab055'
'e5c30ffbb066f0ed3444475b3313490c535d8c9df018726f6cecf9e3ddfd2e48'
- 'af4ce76ae0a8773429eac53c72f1b87c8fa59c63acf003450f75dcb73131a21c')
+ 'f2ba8da777d660361a4fbe5d80e8e5855e07052ad67d7534413d39b4cbddaa1d')
diff --git a/prosody.install b/prosody.install
index 989da11b417f..842a5f470980 100644
--- a/prosody.install
+++ b/prosody.install
@@ -1,5 +1,8 @@
post_install() {
echo ">> Documentation: https://wiki.archlinux.org/index.php/Prosody"
+ echo
+ echo ">> The unit file has been changed to Type=simple. "
+ echo ">> You need to change the configuration back to daemonize=false (prosody default)."
}
post_upgrade() {
diff --git a/prosody.service b/prosody.service
index ba78f64bc9e5..fae82ab2f272 100644
--- a/prosody.service
+++ b/prosody.service
@@ -1,15 +1,73 @@
[Unit]
Description=XMPP (Jabber) Server
+Documentation=https://prosody.im/doc
After=network.target
[Service]
-Type=forking
-PIDFile=/run/prosody/prosody.pid
-ExecStart=/usr/bin/prosodyctl start
-ExecStop=/usr/bin/prosodyctl stop
+### See man systemd.service ###
+# With this configuration, systemd takes care of daemonization
+# so Prosody should be configured with daemonize = false
+Type=simple
+
+# Not sure if this is needed for 'simple'
+PIDFile=/var/run/prosody/prosody.pid
+
+# Start by executing the main executable
+ExecStart=/usr/bin/prosody
+
ExecReload=/bin/kill -HUP $MAINPID
+# Restart on crashes
+Restart=on-abnormal
+
+# Set O_NONBLOCK flag on sockets passed via socket activation
+NonBlocking=true
+
+### See man systemd.exec ###
+
+WorkingDirectory=/var/lib/prosody
+
+User=prosody
+Group=jabber
+
+Umask=0027
+
+# Nice=0
+
+# Set stdin to /dev/null since Prosody does not need it
+StandardInput=null
+
+# Direct stdout/-err to journald for use with log = "*stdout"
StandardOutput=journal
+StandardError=inherit
+
+# This usually defaults to 4k or so
+# LimitNOFILE=1M
+
+## Interesting protection methods
+# Finding a useful combo of these settings would be nice
+#
+# Needs read access to /etc/prosody for config
+# Needs write access to /var/lib/prosody for storing data (for internal storage)
+# Needs write access to /var/log/prosody for writing logs (depending on config)
+# Needs read access to code and libraries loaded
+
+# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
+# InaccessibleDirectories=/boot /home /media /mnt /root /srv
+# ReadOnlyDirectories=/usr /etc/prosody
+
+# PrivateTmp=true
+# PrivateDevices=true
+# PrivateNetwork=false
+
+# ProtectSystem=full
+# ProtectHome=true
+# ProtectKernelTunables=true
+# ProtectControlGroups=true
+# SystemCallFilter=
+
+# This should break LuaJIT
+# MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target