# It is not recommended to modify this file in-place, because it will
# be overwritten during package upgrades. If you want to add further
# options or overwrite existing ones then use
# $ systemctl edit bitcoind.service
# See "man systemd.service" for details.

# Note that almost all daemon options could be specified in
# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
# specified as arguments in ExecStart= will override those in the
# config file.

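[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

# Order the daemon after network-online.target and pull that target in,
# so it is started once the network is considered up. Background:
# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
After=network-online.target
Wants=network-online.target
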
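[Service]
# Options given here take precedence over the same options in bitcoin.conf.
# -daemonwait backgrounds the daemon; it pairs with Type=forking and PIDFile=
# below. Each trailing backslash must be the last character on its line, or
# the continuation is lost and the following options are dropped.
ExecStart=/usr/bin/bitcoind -daemonwait \
    -pid=/run/bitcoind/bitcoind.pid \
    -conf=/etc/bitcoin/bitcoin.conf \
    -datadir=/var/lib/bitcoind

# Make sure the config directory is readable by the service user.
# ConfigurationDirectory= (below) does not hand /etc/bitcoin over to
# User=/Group=, so a pre-start step sets its group to "bitcoin".
# PermissionsStartOnly=true applies User=/Group= to ExecStart= only, so the
# chgrp runs with the service manager's privileges, not as bitcoin.
# NOTE(review): newer systemd releases document PermissionsStartOnly= as
# deprecated in favour of the "+" / "!" command prefixes -- confirm against
# the systemd version this unit targets before switching.
# NOTE(review): mode 0710 gives the group search (x) access to the directory
# only; bitcoin.conf itself must be group-readable, and should not be
# world-readable if it holds RPC credentials.
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin

# Process management
####################

# The launching process exits after forking; systemd identifies the main
# process from the PID file, which lives in the RuntimeDirectory below.
Type=forking
PIDFile=/run/bitcoind/bitcoind.pid
Restart=on-failure
# No limit on start-up time; allow 600 seconds for a clean shutdown.
TimeoutStartSec=infinity
TimeoutStopSec=600

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin

# Mode 0710 on the directories below: owner full access, group may traverse
# but not list, no access for others.

# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /etc/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# /var/lib/bitcoind
StateDirectory=bitcoind
StateDirectoryMode=0710

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
# NOTE(review): ProtectSystem=strict would make the rest of the file system
# read-only as well, while the directories declared above stay writable;
# worth evaluating after testing.
ProtectSystem=full

# Deny access to /home, /root and /run/user
ProtectHome=true

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
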
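[Install]
# When enabled, the service is started as part of the multi-user boot target.
WantedBy=multi-user.target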