From e510cef208827cdd73485ebe438fde8ca2fa6d90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=98=D0=B0=D0=BD=20=D0=93=D0=B5=D0=BE?= =?UTF-8?q?=D1=80=D0=B3=D0=B8=D0=B5=D0=B2=D1=81=D0=BA=D0=B8?= Date: Mon, 20 Mar 2023 17:09:23 +0100 Subject: [PATCH] add an example systemd service file The service file will run `/usr/bin/soju --config /etc/soju/config`. By default it'll run as a dynamically created `soju` user and group (DynamicUser=yes), and it will run in a constrained environment[1], only having write access to /var/lib/soju and /run/soju If the admin creates a static `soju` user and group, those static uid/gid will be used, with the same service constraints. This can be useful to share the static `soju` group with other services, so they can access the soju logs and database even if the service is not running (or before it's running). The procedure for the initial user and database scaffold still works normally, when run as `root`: ``` mkdir /var/lib/soju/ sojudb -config /etc/soju/config create-user myname -admin ``` NOTE: systemd will automatically change the ownership of files in /var/lib/soju/ when the service is started. `sojuctl` will work for root, or with `sudo -u soju`, just normally. References: - [1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#DynamicUser= --- contrib/soju.service | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 contrib/soju.service diff --git a/contrib/soju.service b/contrib/soju.service new file mode 100644 index 0000000..5c65b1d --- /dev/null +++ b/contrib/soju.service @@ -0,0 +1,21 @@ +[Unit] +Description=soju IRC bouncer service +Documentation=https://soju.im/ +Documentation=man:soju(1) man:sojuctl(1) +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple +User=soju +Group=soju +DynamicUser=yes +StateDirectory=soju +ConfigurationDirectory=soju +RuntimeDirectory=soju +ExecStart=/usr/bin/soju +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target