netbird/release_files/systemd/netbird-signal.service

42 lines
830 B
SYSTEMD
Raw Normal View History

[Unit]
Description=Netbird Signal
Documentation=https://netbird.io/docs
After=network-online.target syslog.target
Wants=network-online.target
[Service]
Type=simple
EnvironmentFile=-/etc/default/netbird-signal
ExecStart=/usr/bin/netbird-signal run $FLAGS
Restart=on-failure
RestartSec=5
TimeoutStopSec=10
CacheDirectory=netbird
ConfigurationDirectory=netbird
LogsDirectory=netbird
RuntimeDirectory=netbird
StateDirectory=netbird
# sandboxing
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RemoveIPC=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
[Install]
WantedBy=multi-user.target