github.com/aychain/blockbook@v0.1.1-0.20181121092459-6d1fc7e07c5b/build/templates/blockbook/debian/service

github.com/aychain/blockbook@v0.1.1-0.20181121092459-6d1fc7e07c5b/build/templates/blockbook/debian/service (about)

     1  {{define "main" -}}
     2  [Unit]
     3  Description=Blockbook daemon ({{.Coin.Name}})
     4  After=network.target
     5  Wants={{.Backend.PackageName}}.service
     6  
     7  [Service]
     8  ExecStart={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/bin/blockbook -blockchaincfg={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/config/blockchaincfg.json -datadir={{.Env.BlockbookDataPath}}/{{.Coin.Alias}}/blockbook/db -sync -internal={{template "Blockbook.InternalBindingTemplate" .}} -public={{template "Blockbook.PublicBindingTemplate" .}} -certfile={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/cert/blockbook -explorer={{.Blockbook.ExplorerURL}} -log_dir={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}/logs {{.Blockbook.AdditionalParams}}
     9  User={{.Blockbook.SystemUser}}
    10  Type=simple
    11  Restart=on-failure
    12  TimeoutStopSec=300
    13  WorkingDirectory={{.Env.BlockbookInstallPath}}/{{.Coin.Alias}}
    14  
    15  # Resource limits
    16  LimitNOFILE=500000
    17  
    18  # Hardening measures
    19  ####################
    20  
    21  # Provide a private /tmp and /var/tmp.
    22  PrivateTmp=true
    23  
    24  # Mount /usr, /boot/ and /etc read-only for the process.
    25  ProtectSystem=full
    26  
    27  # Disallow the process and all of its children to gain
    28  # new privileges through execve().
    29  NoNewPrivileges=true
    30  
    31  # Use a new /dev namespace only populated with API pseudo devices
    32  # such as /dev/null, /dev/zero and /dev/random.
    33  PrivateDevices=true
    34  
    35  # Deny the creation of writable and executable memory mappings.
    36  MemoryDenyWriteExecute=true
    37  
    38  [Install]
    39  WantedBy=multi-user.target
    40  {{end}}