diff options
Diffstat (limited to 'postgresql-lts.service')
| -rw-r--r-- | postgresql-lts.service | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/postgresql-lts.service b/postgresql-lts.service new file mode 100644 index 000000000000..dcef95a9c103 --- /dev/null +++ b/postgresql-lts.service @@ -0,0 +1,43 @@ +[Unit] +Description=PostgreSQL database server +After=network.target + +[Service] +Type=notify +TimeoutSec=120 +User=postgres +Group=postgres + +Environment=PGROOT=/var/lib/postgres + +SyslogIdentifier=postgres +PIDFile=/var/lib/postgres/data/postmaster.pid +RuntimeDirectory=postgresql +RuntimeDirectoryMode=755 + +ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data +ExecStart=/usr/bin/postgres -D ${PGROOT}/data +ExecReload=/bin/kill -HUP ${MAINPID} +KillMode=mixed +KillSignal=SIGINT + +# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in +# killing Postgres, so adjust it downward +OOMScoreAdjust=-200 + +# Additional security-related features +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +NoNewPrivileges=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +PrivateDevices=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target |