github.com/aychain/blockbook@v0.1.1-0.20181121092459-6d1fc7e07c5b/build/templates/blockbook/debian/service (about) 1 {{define "main" -}} 2 [Unit] 3 Description=Blockbook daemon ({{.Coin.Name}}) 4 After=network.target 5 Wants={{.Backend.PackageName}}.service 6 7 [Service] 8 ExecStart={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/bin/blockbook -blockchaincfg={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/config/blockchaincfg.json -datadir={{.Env.BlockbookDataPath}}/{{.Coin.Alias}}/blockbook/db -sync -internal={{template "Blockbook.InternalBindingTemplate" .}} -public={{template "Blockbook.PublicBindingTemplate" .}} -certfile={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/cert/blockbook -explorer={{.Blockbook.ExplorerURL}} -log_dir={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/logs {{.Blockbook.AdditionalParams}} 9 User={{.Blockbook.SystemUser}} 10 Type=simple 11 Restart=on-failure 12 TimeoutStopSec=300 13 WorkingDirectory={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}} 14 15 # Resource limits 16 LimitNOFILE=500000 17 18 # Hardening measures 19 #################### 20 21 # Provide a private /tmp and /var/tmp. 22 PrivateTmp=true 23 24 # Mount /usr, /boot/ and /etc read-only for the process. 25 ProtectSystem=full 26 27 # Disallow the process and all of its children to gain 28 # new privileges through execve(). 29 NoNewPrivileges=true 30 31 # Use a new /dev namespace only populated with API pseudo devices 32 # such as /dev/null, /dev/zero and /dev/random. 33 PrivateDevices=true 34 35 # Deny the creation of writable and executable memory mappings. 36 MemoryDenyWriteExecute=true 37 38 [Install] 39 WantedBy=multi-user.target 40 {{end}}