| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- # ngIRCd systemd service unit.
- # See systemd(1), systemd.unit(5), systemd.service(5), systemd.exec(5).
- [Unit]
- Description=Next Generation IRC Daemon
- Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
- After=network.target
- Wants=anope.service atheme.service irc-services.service
- Wants=bopm.service
- Before=anope.service atheme.service irc-services.service
- Before=bopm.service
- [Service]
- Type=forking
- User=irc
- Group=irc
- # Settings & limits:
- CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
- MemoryDenyWriteExecute=yes
- NoNewPrivileges=yes
- PrivateDevices=yes
- PrivateTmp=yes
- ProtectControlGroups=yes
- ProtectHome=yes
- ProtectKernelModules=yes
- ProtectKernelTunables=yes
- ProtectSystem=full
- RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
- RestrictRealtime=yes
- RuntimeDirectory=ircd
- RuntimeDirectoryMode=750
- # Try to load "default files" from any Debian package variant to keep this
- # unit generic.
- EnvironmentFile=-/etc/default/ngircd
- EnvironmentFile=-/etc/default/ngircd-full
- EnvironmentFile=-/etc/default/ngircd-full-dbg
- # Start ngIRCd. Note: systemd doesn't allow to use $DAEMON here!
- ExecStart=/usr/sbin/ngircd $PARAMS
- ExecReload=/bin/kill -HUP $MAINPID
- Restart=on-failure
- [Install]
- WantedBy=multi-user.target
|
