Enhance systemd service file
authorAlexander Barton <alex@barton.de>
Thu, 5 Jan 2017 23:34:51 +0000 (00:34 +0100)
committerAlexander Barton <alex@barton.de>
Thu, 5 Jan 2017 23:34:51 +0000 (00:34 +0100)
- Add homepage :-)
- Remote CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is
  nor needed, because the unit already sets User=irc and Group=irc.
- Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6.
- Read in the Debian "default files", but note: only PARAMS is supported!

contrib/ngircd.service

index 35bc6bd..bfaddc9 100644 (file)
@@ -1,21 +1,25 @@
 [Unit]
 Description=Next Generation IRC Daemon
-Documentation=man:ngircd(8) man:ngircd.conf(5)
+Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
 After=network.target
 
 [Service]
 Type=forking
 User=irc
 Group=irc
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=true
 NoNewPrivileges=true
+RestrictAddressFamilies=AF_INET AF_INET6
 RuntimeDirectory=ircd
 RuntimeDirectoryMode=750
-ExecStart=/usr/sbin/ngircd
+EnvironmentFile=-/etc/default/ngircd
+EnvironmentFile=-/etc/default/ngircd-full
+EnvironmentFile=-/etc/default/ngircd-full-dbg
+ExecStart=/usr/sbin/ngircd $PARAMS
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure