Add systemd .service files (#1316) (#1318)

Add systemd .service files
This commit is contained in:
hg 2023-11-24 01:15:07 +06:00 committed by GitHub
parent 5ffed796c0
commit 5a3ee4f9c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 126 additions and 0 deletions

View File

@ -0,0 +1,3 @@
# Extra flags you might want to pass to the daemon
FLAGS=""

View File

@ -0,0 +1,41 @@
[Unit]
Description=Netbird Management
Documentation=https://netbird.io/docs
After=network-online.target syslog.target
Wants=network-online.target
[Service]
Type=simple
EnvironmentFile=-/etc/default/netbird-management
ExecStart=/usr/bin/netbird-mgmt management $FLAGS
Restart=on-failure
RestartSec=5
TimeoutStopSec=10
CacheDirectory=netbird
ConfigurationDirectory=netbird
LogDirectory=netbird
RuntimeDirectory=netbird
StateDirectory=netbird
# sandboxing
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RemoveIPC=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,41 @@
[Unit]
Description=Netbird Signal
Documentation=https://netbird.io/docs
After=network-online.target syslog.target
Wants=network-online.target
[Service]
Type=simple
EnvironmentFile=-/etc/default/netbird-signal
ExecStart=/usr/bin/netbird-signal run $FLAGS
Restart=on-failure
RestartSec=5
TimeoutStopSec=10
CacheDirectory=netbird
ConfigurationDirectory=netbird
LogDirectory=netbird
RuntimeDirectory=netbird
StateDirectory=netbird
# sandboxing
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RemoveIPC=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,41 @@
[Unit]
Description=Netbird Client (%i)
Documentation=https://netbird.io/docs
After=network-online.target syslog.target NetworkManager.service
Wants=network-online.target
[Service]
Type=simple
EnvironmentFile=-/etc/default/netbird
ExecStart=/usr/bin/netbird service run --log-file /var/log/netbird/client-%i.log --config /etc/netbird/%i.json --daemon-addr unix:///var/run/netbird/%i.sock $FLAGS
Restart=on-failure
RestartSec=5
TimeoutStopSec=10
CacheDirectory=netbird
ConfigurationDirectory=netbird
LogDirectory=netbird
RuntimeDirectory=netbird
StateDirectory=netbird
# sandboxing
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=no # needed to load wg module for kernel-mode WireGuard
ProtectKernelTunables=no
ProtectSystem=yes
RemoveIPC=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
[Install]
WantedBy=multi-user.target