Init: Add systemd system unit. Contributes to progval#26

Signed-off-by: Björn Bidar <[email protected]>
Thaodan · Jul 11, 2022 · 1ce2051 · 1ce2051
1 parent cbbf089
commit 1ce2051
Showing 1 changed file with 50 additions and 0 deletions.
diff --git a/init/systemd/system/matrix2052.service b/init/systemd/system/matrix2052.service
@@ -0,0 +1,50 @@
+[Unit]
+Description=A Matrix gateway for IRC, join from your favorite IRC client
+After=network.target
+Wants=network.target
+
+[Service]
+Type=simple
+User=matrix2051
+Group=matrix2051
+DynamicUser=true
+SyslogIdentifier=matrix2051
+StateDirectory=matrix2051
+RuntimeDirectory=matrix2051
+ExecStart=/usr/lib/matrix2051/bin/matrix2051 start
+ExecStop=/usr/lib/matrix2051/bin/matrix2051 stop
+Environment=HOME=/var/lib/matrix2051
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+Restart=always
+RestartSec=10
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+#SecureBits=
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=false
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallFilter=@system-service
+SystemCallArchitectures=native
+
+
+[Install]
+WantedBy=multi-user.target