mirror of
https://github.com/bol-van/zapret2.git
synced 2026-03-14 06:13:09 +00:00
63 lines
1.4 KiB
Desktop File
63 lines
1.4 KiB
Desktop File
# Example systemd service unit for nfqws. Adjust for your installation.
|
|
|
|
# WARNING ! This unit requires to compile nfqws using `make systemd`
|
|
# WARNING ! This makefile target enables special systemd notify support.
|
|
|
|
# PREPARE
|
|
# install build depends
|
|
# make -C /opt/zapret2 systemd
|
|
# cp nfqws2\@.service /lib/systemd/system
|
|
# systemctl daemon-reload
|
|
|
|
# MANAGE INSTANCE
|
|
# prepare /etc/zapret2/nfqws1.conf with nfqws parameters
|
|
# systemctl start nfqws2@nfqws1
|
|
# systemctl status nfqws2@nfqws1
|
|
# systemctl restart nfqws2@nfqws1
|
|
# systemctl enable nfqws2@nfqws1
|
|
# systemctl disable nfqws2@nfqws1
|
|
# systemctl stop nfqws2@nfqws1
|
|
|
|
# DELETE
|
|
# rm /lib/systemd/system/nfqws@.service
|
|
# systemctl daemon-reload
|
|
|
|
|
|
[Unit]
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=notify
|
|
Restart=on-failure
|
|
|
|
ExecSearchPath=/opt/zapret2/nfq2
|
|
ExecStart=nfqws2 @${CONFIG_DIR}/${INSTANCE}.conf
|
|
Environment=CONFIG_DIR=/etc/zapret2
|
|
Environment=INSTANCE=%i
|
|
|
|
RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_INET6 AF_INET
|
|
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
PrivateDevices=true
|
|
PrivateMounts=true
|
|
PrivateTmp=true
|
|
ProcSubset=pid
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectProc=invisible
|
|
ProtectSystem=full
|
|
RemoveIPC=true
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
UMask=0077
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|