Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-04-28 11:47:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge a73ff48d56 into 3925540517

Browse source
This commit is contained in:
rany 2020-11-17 10:58:35 +02:00 committed by GitHub
commit d9f9cc4a07
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

42
contrib/i2pd.service
View file

@ -2,20 +2,24 @@
Description=I2P Router written in C++
Documentation=man:i2pd(1) https://i2pd.readthedocs.io/en/latest/
After=network.target
ConditionFileIsExecutable=/usr/sbin/i2pd
[Service]
User=i2pd
Group=i2pd
PermissionsStartOnly=yes
RuntimeDirectory=i2pd
RuntimeDirectoryMode=0700
LogsDirectory=i2pd
LogsDirectoryMode=0700
Type=forking
ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
Type=exec
Environment="DAEMON_OPTS=--conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --loglevel=error --service"
EnvironmentFile=-/etc/default/i2pd
ExecStart=/usr/sbin/i2pd $DAEMON_OPTS
ExecReload=/bin/sh -c "kill -HUP $MAINPID"
PIDFile=/run/i2pd/i2pd.pid
### Uncomment, if auto restart needed
#Restart=on-failure
Restart=on-failure
KillSignal=SIGQUIT
# If you have the patience waiting 10 min on restarting/stopping it, uncomment this.
@ -28,5 +32,35 @@ LimitNOFILE=4096
# To enable write of coredump uncomment this
#LimitCORE=infinity
# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=true
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ProtectClock=true
ProtectControlGroups=yes
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/i2pd
ReadWriteDirectories=-/var/log/i2pd
ReadWriteDirectories=-/run
CapabilityBoundingSet=
UMask=0077
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @mount @raw-io @reboot @swap @privileged @resources @cpu-emulation @obsolete
[Install]
WantedBy=multi-user.target