From 8d4b0d8d6aae1b48e1c563edab1a0e0e44acf4b8 Mon Sep 17 00:00:00 2001
From: Davidson Souza
Date: Mon, 27 Jan 2025 13:19:23 -0300
Subject: [PATCH] dist: add a sample systemd service
---
contrib/init/floresta.service | 58 +++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 contrib/init/floresta.service
diff --git a/contrib/init/floresta.service b/contrib/init/floresta.service
new file mode 100644
index 00000000..4cd1b681
--- /dev/null
+++ b/contrib/init/floresta.service
@@ -0,0 +1,58 @@
+[Unit]
+Description=Floresta: A Lightweight Utreexo-powered Bitcoin full node implementation
+Documentation=https://github.com/vinteumorg/Floresta
+After=network-online.target time-set.target
+Wants=network-online.target
+
+
+[Service]
+ExecStart=/usr/bin/florestad --data-dir=/var/lib/florestad --config-file /etc/floresta/config.toml
+
+# Don't enter a restart loop, as it might corrupt our database
+Restart=no
+
+TimeoutStartSec=infinity
+TimeoutStopSec=600
+
+# Make sure we can read from the config file
+ExecStartPre=/bin/chgrp florestad /etc/florestad
+User=florestad
+Group=florestad
+
+# /run/florestad
+RuntimeDirectory=florestad
+RuntimeDirectoryMode=0710
+
+# /etc/florestad
+ConfigurationDirectory=florestad
+ConfigurationDirectoryMode=0710
+
+# /var/lib/floresta
+StateDirectory=floresta
+StateDirectoryMode=0710
+
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+
+# Deny access to /home, /root and /run/user
+ProtectHome=true
+
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+
+# Deny the creation of writable and executable memory mappings.
+MemoryDenyWriteExecute=true
+
+# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
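Review bot: The paths passed in `ExecStart` do not match the directories this unit asks systemd to manage: `--data-dir=/var/lib/florestad` versus `StateDirectory=floresta` (/var/lib/floresta), and `--config-file /etc/floresta/config.toml` versus `ConfigurationDirectory=florestad` and the chgrp target /etc/florestad. As written, the data directory the daemon uses is not the one created and owned for `User=florestad`, so the service either fails to start or depends on a hand-made directory whose ownership and mode nothing here controls; pick one name throughout, e.g. `StateDirectory=florestad` and `--config-file /etc/florestad/config.toml`. Separately, `ExecStartPre=/bin/chgrp florestad /etc/florestad` has no `+` prefix, so it runs as the unprivileged `florestad` user under the same `ProtectSystem=full` sandbox and will most likely fail on a root-owned /etc/florestad; `ExecStartPre=+/bin/chgrp florestad /etc/florestad` would run that one step with full privileges while the daemon itself stays confined.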