mirror of
https://gitlab.com/veilid/veilid.git
synced 2024-11-24 09:50:16 -06:00
45 lines
947 B
Desktop File
45 lines
947 B
Desktop File
# /etc/systemd/system/veilid-server.service
|
|
|
|
[Unit]
|
|
Description=Veilid Headless Node
|
|
Requires=network-online.target
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
Environment=RUST_BACKTRACE=1
|
|
ExecStart=/usr/bin/veilid-server -c /etc/veilid-server/veilid-server.conf
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
KillSignal=SIGQUIT
|
|
TimeoutStopSec=5
|
|
WorkingDirectory=/
|
|
User=veilid
|
|
Group=veilid
|
|
UMask=0002
|
|
|
|
CapabilityBoundingSet=
|
|
SystemCallFilter=@system-service
|
|
MemoryDenyWriteExecute=true
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
PrivateTmp=true
|
|
PrivateUsers=true
|
|
ProtectHome=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectProc=invisible
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/var/db/veilid-server
|
|
ConfigurationDirectory=veilid-server
|
|
|
|
RestrictRealtime=true
|
|
SystemCallArchitectures=native
|
|
LockPersonality=true
|
|
RestrictSUIDSGID=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|