veilid/package/systemd/veilid-server.service

# /etc/systemd/system/veilid-server.service

[Unit]
Description=Veilid Headless Node
Requires=network-online.target
After=network-online.target

[Service]
Type=simple
Environment=RUST_BACKTRACE=1
ExecStart=/usr/bin/veilid-server -c /etc/veilid-server/veilid-server.conf
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
WorkingDirectory=/
User=veilid
Group=veilid
UMask=0002

CapabilityBoundingSet=
SystemCallFilter=@system-service
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectHome=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/var/db/veilid-server
ConfigurationDirectory=veilid-server

RestrictRealtime=true
SystemCallArchitectures=native
LockPersonality=true
RestrictSUIDSGID=true

[Install]
WantedBy=multi-user.target
refactoring, more config, packaging 2022-05-16 11:52:48 -04:00			`# /etc/systemd/system/veilid-server.service`

			`[Unit]`
update release build 2023-06-16 19:58:06 -04:00			`Description=Veilid Headless Node`
refactoring, more config, packaging 2022-05-16 11:52:48 -04:00			`Requires=network-online.target`
			`After=network-online.target`

			`[Service]`
receipt rework and discovery rework 2022-05-28 10:07:57 -04:00			`Type=simple`
update release build 2023-06-16 19:58:06 -04:00			`Environment=RUST_BACKTRACE=1`
Some light hardening of veilid-server standalone node via systemd 2023-09-13 16:27:42 -04:00			`ExecStart=/usr/bin/veilid-server -c /etc/veilid-server/veilid-server.conf`
refactoring, more config, packaging 2022-05-16 11:52:48 -04:00			`ExecReload=/bin/kill -s HUP $MAINPID`
			`KillSignal=SIGQUIT`
			`TimeoutStopSec=5`
receipt rework and discovery rework 2022-05-28 10:07:57 -04:00			`WorkingDirectory=/`
			`User=veilid`
			`Group=veilid`
attempt to correct IPC path group permissions on systemd service 2024-08-06 17:58:27 -04:00			`UMask=0002`
refactoring, more config, packaging 2022-05-16 11:52:48 -04:00
Some light hardening of veilid-server standalone node via systemd 2023-09-13 16:27:42 -04:00			`CapabilityBoundingSet=`
			`SystemCallFilter=@system-service`
			`MemoryDenyWriteExecute=true`
			`NoNewPrivileges=true`
			`PrivateDevices=true`
			`PrivateTmp=true`
			`PrivateUsers=true`
			`ProtectHome=true`
			`ProtectClock=true`
			`ProtectControlGroups=true`
			`ProtectKernelLogs=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectProc=invisible`
			`ProtectSystem=strict`
			`ReadWritePaths=/var/db/veilid-server`
			`ConfigurationDirectory=veilid-server`

			`RestrictRealtime=true`
			`SystemCallArchitectures=native`
			`LockPersonality=true`
			`RestrictSUIDSGID=true`

refactoring, more config, packaging 2022-05-16 11:52:48 -04:00			`[Install]`
Some light hardening of veilid-server standalone node via systemd 2023-09-13 16:27:42 -04:00			`WantedBy=multi-user.target`