mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-10 11:57:28 -03:00
689a65d878
1. Make logs available to journalctl (systemd's logging system) by not
specifying -daemonwait, which rightfully has its own set of stdout
and stderr descriptors (a user invoking with -daemonwait on the
command line should not see any logs). It makes more sense not to
daemonize in the systemd context anyway.
2. Make systemd aware of when bitcoind is started and in steady state by
specifying -startupnotify='systemd-notify --ready' and Type=notify.
NotifyAccess=all is necessary so that the spawned thread for
startupnotify is allowed to inform systemd of bitcoind's readiness.
Note that NotifyAccess=exec won't work because it only allows
sd_notify readiness signalling from Exec*= declarations in the
.service file.
3. Also make systemd aware of when bitcoind is stopping by specifying
-shutdownnotify='systemd-notify --stopping'
Note that we currently don't allow multiple *notify commands, but users
can override it in systemd via:
# systemctl edit bitcoind
By specifying something like:
[Service]
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
-datadir=/var/lib/bitcoind \
-startupnotify='systemd-notify --ready; mystartupcommandhere' \
-shutdownnotify='systemd-notify --stopping; myshutdowncommandhere'
85 lines
2.2 KiB
Desktop File
85 lines
2.2 KiB
Desktop File
# It is not recommended to modify this file in-place, because it will
|
|
# be overwritten during package upgrades. If you want to add further
|
|
# options or overwrite existing ones then use
|
|
# $ systemctl edit bitcoind.service
|
|
# See "man systemd.service" for details.
|
|
|
|
# Note that almost all daemon options could be specified in
|
|
# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
|
|
# specified as arguments in ExecStart= will override those in the
|
|
# config file.
|
|
|
|
[Unit]
|
|
Description=Bitcoin daemon
|
|
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md
|
|
|
|
# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
|
|
-conf=/etc/bitcoin/bitcoin.conf \
|
|
-datadir=/var/lib/bitcoind \
|
|
-startupnotify='systemd-notify --ready' \
|
|
-shutdownnotify='systemd-notify --stopping'
|
|
|
|
# Make sure the config directory is readable by the service user
|
|
PermissionsStartOnly=true
|
|
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
|
|
|
|
# Process management
|
|
####################
|
|
|
|
Type=notify
|
|
NotifyAccess=all
|
|
PIDFile=/run/bitcoind/bitcoind.pid
|
|
|
|
Restart=on-failure
|
|
TimeoutStartSec=infinity
|
|
TimeoutStopSec=600
|
|
|
|
# Directory creation and permissions
|
|
####################################
|
|
|
|
# Run as bitcoin:bitcoin
|
|
User=bitcoin
|
|
Group=bitcoin
|
|
|
|
# /run/bitcoind
|
|
RuntimeDirectory=bitcoind
|
|
RuntimeDirectoryMode=0710
|
|
|
|
# /etc/bitcoin
|
|
ConfigurationDirectory=bitcoin
|
|
ConfigurationDirectoryMode=0710
|
|
|
|
# /var/lib/bitcoind
|
|
StateDirectory=bitcoind
|
|
StateDirectoryMode=0710
|
|
|
|
# Hardening measures
|
|
####################
|
|
|
|
# Provide a private /tmp and /var/tmp.
|
|
PrivateTmp=true
|
|
|
|
# Mount /usr, /boot/ and /etc read-only for the process.
|
|
ProtectSystem=full
|
|
|
|
# Deny access to /home, /root and /run/user
|
|
ProtectHome=true
|
|
|
|
# Disallow the process and all of its children to gain
|
|
# new privileges through execve().
|
|
NoNewPrivileges=true
|
|
|
|
# Use a new /dev namespace only populated with API pseudo devices
|
|
# such as /dev/null, /dev/zero and /dev/random.
|
|
PrivateDevices=true
|
|
|
|
# Deny the creation of writable and executable memory mappings.
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|