bc4a139 systemd: Clean up default service configurations — heartwood

Radicle Heartwood Protocol & Stack

systemd: Clean up default service configurations

✗ CI failure Lorenz Leutgeb committed 8 months ago

commit bc4a13902ca80b1c496ab65670c0526141663e9e
parent 25decf16175682bb3ab22f05a309d02bc4a22bf6

3 passed 1 failed (4 total) View logs

2 files changed +43 -23

modified systemd/system/radicle-node.service

@@ -1,16 +1,13 @@

 # Example systemd unit file for `radicle-node`.
 # Example systemd system service unit configuration file for `radicle-node`.
 #
 # When running radicle-node on a server, it should be run as a separate user.
 # When running radicle-node for just one user, e.g. on a laptop,
 # it should be run as a user service, see `../user/*.service`.
 #
 # Copy this file into /etc/systemd/system and set the User/Group parameters
 # under [Service] appropriately, as well as the `RAD_HOME` environment variable.
 # For more information on how to install and configure this service,
 # please read:
 #
 # If your Radicle key is passphrase-protected, you will have to set the
 # `RAD_PASSPHRASE` environment variable to the passphrase supplied during
 # `rad auth`, eg.
 #
 #   [Service]
 #   Environment=RAD_PASSPHRASE=snickerdoodle
 # https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
 # https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
 #
 [Unit]
 Description=Radicle Node

@@ -18,10 +15,7 @@ After=network.target network-online.target

 Requires=network-online.target
 [Service]
 User=seed
 Group=seed
 ExecStart=/usr/local/bin/radicle-node --listen 0.0.0.0:8776 --force
 Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1 RUST_LOG=info
 KillMode=process
 Restart=always
 RestartSec=3

@@ -31,5 +25,19 @@ ProtectSystem=strict

 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 # If your Radicle key is passphrase-protected, you will have to set the
 # `RAD_PASSPHRASE` environment variable to the passphrase supplied during
 # `rad auth`.
 #Environment=RAD_PASSPHRASE=snickerdoodle
 # Basic hardening options. For more, please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectSystem=strict
 NoNewPrivileges=true
 MemoryDenyWriteExecute=true
 User=seed
 Group=seed
 [Install]
 WantedBy=multi-user.target

modified systemd/user/radicle-node.service

@@ -1,20 +1,21 @@

 # When running radicle-node on a server, it should be run as a separate user.
 # If your Radicle key is passphrase-protected, you will have to set the
 # `RAD_PASSPHRASE` environment variable to the passphrase supplied during
 # `rad auth`.
 # Use `systemctl --user edit radicle-node.service` to add
 # Example systemd user service unit configuration file for `radicle-node`.
 #
 # When running radicle-node on a server, it should be run as
 # a system service by a separate user, see `../system/*.service`.
 #
 # For more information on how to install and configure this service,
 # please read:
 #
 # https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
 # https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
 #
 #   [Service]
 #   Environment=RAD_PASSPHRASE=snickerdoodle
 [Unit]
 Description=Radicle Node
 After=network.target network-online.target
 Requires=network-online.target
 [Service]
 ExecStart=/usr/bin/radicle-node --listen 0.0.0.0:8776 --force
 Environment=RUST_LOG=info
 ExecStart=/usr/bin/radicle-node --log
 KillMode=process
 Restart=always
 RestartSec=3

@@ -23,5 +24,16 @@ PrivateTmp=true

 ProtectHome=true
 MemoryDenyWriteExecute=true
 # If your Radicle key is passphrase-protected, you will have to set the
 # `RAD_PASSPHRASE` environment variable to the passphrase supplied during
 # `rad auth`.
 #Environment=RAD_PASSPHRASE=snickerdoodle
 Environment=RAD_HOME=/home/seed/.radicle RUST_BACKTRACE=1
 # Basic hardening options. For more, please refer to `systemd-analyze security`.
 PrivateTmp=true
 ProtectHome=true
 MemoryDenyWriteExecute=true
 [Install]
 WantedBy=default.target