github.com/dawnbass68/maddcash@v0.0.0-20201001105353-c91c12cb36e5/build/templates/backend/debian/service

github.com/dawnbass68/maddcash@v0.0.0-20201001105353-c91c12cb36e5/build/templates/backend/debian/service (about)

     1  {{define "main" -}}
     2  [Unit]
     3  Description={{.Coin.Name}} backend daemon
     4  After=network.target
     5  
     6  [Service]
     7  ExecStart={{template "Backend.ExecCommandTemplate" .}}
     8  User={{.Backend.SystemUser}}
     9  Restart=on-failure
    10  TimeoutStopSec=300
    11  WorkingDirectory={{.Env.BackendInstallPath}}/{{.Coin.Alias}}
    12  {{if eq .Backend.ServiceType "forking" -}}
    13  Type=forking
    14  RuntimeDirectory={{.Coin.Alias}}
    15  PIDFile=/run/{{.Coin.Alias}}/{{.Coin.Alias}}.pid
    16  {{else -}}
    17  Type=simple
    18  {{end}}
    19  {{template "Backend.ServiceAdditionalParamsTemplate" .}}
    20  
    21  # Resource limits
    22  LimitNOFILE=500000
    23  
    24  # Hardening measures
    25  ####################
    26  
    27  # Provide a private /tmp and /var/tmp.
    28  PrivateTmp=true
    29  
    30  # Mount /usr, /boot/ and /etc read-only for the process.
    31  ProtectSystem=full
    32  
    33  # Disallow the process and all of its children to gain
    34  # new privileges through execve().
    35  NoNewPrivileges=true
    36  
    37  # Use a new /dev namespace only populated with API pseudo devices
    38  # such as /dev/null, /dev/zero and /dev/random.
    39  PrivateDevices=true
    40  
    41  {{if .Backend.ProtectMemory -}}
    42  # Deny the creation of writable and executable memory mappings.
    43  MemoryDenyWriteExecute=true
    44  {{end}}
    45  
    46  [Install]
    47  WantedBy=multi-user.target
    48  {{end}}