Update HowToRelease.txt

[ngircd-alex.git] / contrib / ngircd.service

diff --git a/contrib/ngircd.service b/contrib/ngircd.service
index b5bab060b1f69d807c96a52ff1bfbff186c71a5f..e4c30e2525407b4523452792e695ab145d136b22 100644 (file)
--- a/contrib/ngircd.service
+++ b/contrib/ngircd.service
@@ -1,11 +1,43 @@
+# ngIRCd systemd service unit.
+# See systemd(1), systemd.unit(5), systemd.service(5), systemd.exec(5).
+
 [Unit]
 Description=Next Generation IRC Daemon
+Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
 After=network.target
+Wants=anope.service atheme.service irc-services.service
+Wants=bopm.service
+Before=anope.service atheme.service irc-services.service
+Before=bopm.service
 
 [Service]
-# don't daemonize to simplify stuff
-ExecStart=/usr/sbin/ngircd -n
+Type=forking
+User=irc
+Group=irc
+# Settings & limits:
+CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictRealtime=yes
+RuntimeDirectory=ircd
+RuntimeDirectoryMode=750
+# Try to load "default files" from any Debian package variant to keep this
+# unit generic.
+EnvironmentFile=-/etc/default/ngircd
+EnvironmentFile=-/etc/default/ngircd-full
+EnvironmentFile=-/etc/default/ngircd-full-dbg
+# Start ngIRCd. Note: systemd doesn't allow to use $DAEMON here!
+ExecStart=/usr/sbin/ngircd $PARAMS
 ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target