resources/phd/phorge-phd@.service at upstream/main

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork atom

phorge / resources / phd / phorge-phd@.service

at upstream/main 36 lines 898 B view raw

wrap content

amy bones phd: unit startup and hardening improvements 8mo ago

88c580da

 1[Unit]
 2Description=Phorge Daemons
 3Documentation=https://we.phorge.it/book/phorge/article/managing_daemons/
 4# Want this so that there is a greater chance phd will start up successfully
 5# when mysql is on a remote host.
 6Wants=network-online.target
 7After=local-fs.target network-online.target syslog.socket
 8
 9[Service]
10Type=forking
11Environment=PHABRICATOR_ENV=%I
12EnvironmentFile=/etc/phorge/environment
13EnvironmentFile=-/etc/phorge/%I.env
14User=daemon-user
15Group=daemon-user
16ExecStart="${PHORGE_ROOT}/bin/phd" start
17ExecReload="${PHORGE_ROOT}/bin/phd" reload
18ExecStop="${PHORGE_ROOT}/bin/phd" stop
19
20Restart=on-failure
21
22ProtectHome=tmpfs
23ProtectHostname=yes
24ProtectKernelLogs=yes
25ProtectKernelModules=yes
26ProtectKernelTunables=yes
27ProtectSystem=full
28ProtectProc=invisible
29ProtectControlGroups=strict
30PrivateDevices=yes
31PrivateIPC=yes
32PrivateTmp=yes
33PrivateUsers=yes
34
35[Install]
36WantedBy=multi-user.target