contrib/ngircd.service

   1 # ngIRCd systemd service unit.
   2 # See systemd(1), systemd.unit(5), systemd.service(5), systemd.exec(5).
   3
   4 [Unit]
   5 Description=Next Generation IRC Daemon
   6 Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
   7 After=network.target
   8 Wants=anope.service atheme.service irc-services.service
   9 Wants=bopm.service hopm.service
  10 Before=anope.service atheme.service irc-services.service
  11 Before=bopm.service hopm.service
  12
  13 [Service]
  14 Type=notify
  15 User=irc
  16 Group=irc
  17 # Settings & limits:
  18 CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
  19 MemoryDenyWriteExecute=yes
  20 NoNewPrivileges=yes
  21 PrivateDevices=yes
  22 PrivateTmp=yes
  23 ProtectControlGroups=yes
  24 ProtectHome=yes
  25 ProtectKernelModules=yes
  26 ProtectKernelTunables=yes
  27 ProtectSystem=full
  28 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
  29 RestrictRealtime=yes
  30 RuntimeDirectory=ircd
  31 RuntimeDirectoryMode=750
  32 StandardError=journal
  33 StandardOutput=journal
  34 # Try to load "default files" from any Debian package variant to keep this
  35 # unit generic.
  36 EnvironmentFile=-/etc/default/ngircd
  37 EnvironmentFile=-/etc/default/ngircd-full
  38 EnvironmentFile=-/etc/default/ngircd-full-dbg
  39 # Start ngIRCd. Note: systemd doesn't allow to use $DAEMON here!
  40 ExecStart=/usr/sbin/ngircd --nodaemon --syslog $PARAMS
  41 ExecReload=/bin/kill -HUP $MAINPID
  42 # Error handling:
  43 # ngIRCd tries to "ping" the service manager every 3 seconds.
  44 WatchdogSec=10
  45 Restart=on-failure
  46
  47 [Install]
  48 WantedBy=multi-user.target