58 lines
1.2 KiB
Desktop File
58 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=IPFS Daemon
|
|
Documentation=https://docs.ipfs.io/
|
|
After=network.target
|
|
|
|
[Service]
|
|
# hardening
|
|
ReadWritePaths=/home/ipfs /mnt/ipfs
|
|
NoNewPrivileges=true
|
|
ProtectSystem=strict
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
PrivateDevices=true
|
|
DevicePolicy=closed
|
|
ProtectControlGroups=true
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
ProtectHostname=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
LockPersonality=true
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
MemoryDenyWriteExecute=true
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=@system-service
|
|
SystemCallFilter=~@privileged
|
|
#ProtectHome=true
|
|
RemoveIPC=true
|
|
RestrictSUIDSGID=true
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
|
|
LimitNOFILE=8192
|
|
#LimitNice=10
|
|
MemoryAccounting=true
|
|
#MemoryHigh=768M
|
|
#MemoryMax=1024M
|
|
MemorySwapMax=0
|
|
CPUAccounting=true
|
|
CPUQuota=40%
|
|
TimeoutStartSec=infinity
|
|
|
|
Type=notify
|
|
Environment="IPFS_PATH=/mnt/ipfs"
|
|
Environment=IPFS_LOGGING="error"
|
|
Environment=IPFS_FD_MAX=8192
|
|
ExecStart=/home/ipfs/.local/bin/ipfs daemon --init --enable-gc --migrate
|
|
User=ipfs
|
|
Group=ipfs
|
|
StateDirectory=ipfs
|
|
Restart=always
|
|
RestartSec=60
|
|
KillMode=process
|
|
KillSignal=SIGINT
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|