mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-24 15:48:52 +01:00
parent
5ffed796c0
commit
5a3ee4f9c4
3
release_files/systemd/env
Normal file
3
release_files/systemd/env
Normal file
@ -0,0 +1,3 @@
|
||||
# Extra flags you might want to pass to the daemon
|
||||
FLAGS=""
|
||||
|
41
release_files/systemd/netbird-management.service
Normal file
41
release_files/systemd/netbird-management.service
Normal file
@ -0,0 +1,41 @@
|
||||
[Unit]
|
||||
Description=Netbird Management
|
||||
Documentation=https://netbird.io/docs
|
||||
After=network-online.target syslog.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile=-/etc/default/netbird-management
|
||||
ExecStart=/usr/bin/netbird-mgmt management $FLAGS
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
TimeoutStopSec=10
|
||||
CacheDirectory=netbird
|
||||
ConfigurationDirectory=netbird
|
||||
LogDirectory=netbird
|
||||
RuntimeDirectory=netbird
|
||||
StateDirectory=netbird
|
||||
|
||||
# sandboxing
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
PrivateMounts=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectSystem=yes
|
||||
RemoveIPC=yes
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
41
release_files/systemd/netbird-signal.service
Normal file
41
release_files/systemd/netbird-signal.service
Normal file
@ -0,0 +1,41 @@
|
||||
[Unit]
|
||||
Description=Netbird Signal
|
||||
Documentation=https://netbird.io/docs
|
||||
After=network-online.target syslog.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile=-/etc/default/netbird-signal
|
||||
ExecStart=/usr/bin/netbird-signal run $FLAGS
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
TimeoutStopSec=10
|
||||
CacheDirectory=netbird
|
||||
ConfigurationDirectory=netbird
|
||||
LogDirectory=netbird
|
||||
RuntimeDirectory=netbird
|
||||
StateDirectory=netbird
|
||||
|
||||
# sandboxing
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
PrivateMounts=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectSystem=yes
|
||||
RemoveIPC=yes
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
41
release_files/systemd/netbird@.service
Normal file
41
release_files/systemd/netbird@.service
Normal file
@ -0,0 +1,41 @@
|
||||
[Unit]
|
||||
Description=Netbird Client (%i)
|
||||
Documentation=https://netbird.io/docs
|
||||
After=network-online.target syslog.target NetworkManager.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile=-/etc/default/netbird
|
||||
ExecStart=/usr/bin/netbird service run --log-file /var/log/netbird/client-%i.log --config /etc/netbird/%i.json --daemon-addr unix:///var/run/netbird/%i.sock $FLAGS
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
TimeoutStopSec=10
|
||||
CacheDirectory=netbird
|
||||
ConfigurationDirectory=netbird
|
||||
LogDirectory=netbird
|
||||
RuntimeDirectory=netbird
|
||||
StateDirectory=netbird
|
||||
|
||||
# sandboxing
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
PrivateMounts=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=no # needed to load wg module for kernel-mode WireGuard
|
||||
ProtectKernelTunables=no
|
||||
ProtectSystem=yes
|
||||
RemoveIPC=yes
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
Loading…
Reference in New Issue
Block a user