summary refs log tree commit diff
path: root/contrib
diff options
context:
space:
mode:
authorAlexander Barton <alex@barton.de>2017-01-06 00:34:51 +0100
committerAlexander Barton <alex@barton.de>2017-01-06 00:34:51 +0100
commitf0532c98cd2fcd1443f8f80ed45772d56bf4cd9e (patch)
tree3b99010ad06e8da917214ac8b1b592f2df7ab7c8 /contrib
parent9e0e955daf57b997792ca55a236498694ce634e2 (diff)
downloadngircd-f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e.tar.gz
ngircd-f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e.zip
Enhance systemd service file
- Add homepage :-)
- Remote CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is
  nor needed, because the unit already sets User=irc and Group=irc.
- Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6.
- Read in the Debian "default files", but note: only PARAMS is supported!
Diffstat (limited to 'contrib')
-rw-r--r--contrib/ngircd.service10
1 files changed, 7 insertions, 3 deletions
diff --git a/contrib/ngircd.service b/contrib/ngircd.service
index 35bc6bdb..bfaddc91 100644
--- a/contrib/ngircd.service
+++ b/contrib/ngircd.service
@@ -1,21 +1,25 @@
 [Unit]
 Description=Next Generation IRC Daemon
-Documentation=man:ngircd(8) man:ngircd.conf(5)
+Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
 After=network.target
 
 [Service]
 Type=forking
 User=irc
 Group=irc
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=true
 NoNewPrivileges=true
+RestrictAddressFamilies=AF_INET AF_INET6
 RuntimeDirectory=ircd
 RuntimeDirectoryMode=750
-ExecStart=/usr/sbin/ngircd
+EnvironmentFile=-/etc/default/ngircd
+EnvironmentFile=-/etc/default/ngircd-full
+EnvironmentFile=-/etc/default/ngircd-full-dbg
+ExecStart=/usr/sbin/ngircd $PARAMS
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure