43 lines
944 B
Plaintext
43 lines
944 B
Plaintext
[Unit]
|
|
Description=Flo backend daemon
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/opt/coins/nodes/flo/bin/flod -datadir=/opt/coins/data/flo/backend -conf=/opt/coins/nodes/flo/flo.conf -pid=/run/flo/flo.pid
|
|
User=flo
|
|
Restart=on-failure
|
|
TimeoutStopSec=300
|
|
WorkingDirectory=/opt/coins/nodes/flo
|
|
Type=forking
|
|
RuntimeDirectory=flo
|
|
PIDFile=/run/flo/flo.pid
|
|
|
|
|
|
|
|
# Resource limits
|
|
LimitNOFILE=500000
|
|
|
|
# Hardening measures
|
|
####################
|
|
|
|
# Provide a private /tmp and /var/tmp.
|
|
PrivateTmp=true
|
|
|
|
# Mount /usr, /boot/ and /etc read-only for the process.
|
|
ProtectSystem=full
|
|
|
|
# Disallow the process and all of its children to gain
|
|
# new privileges through execve().
|
|
NoNewPrivileges=true
|
|
|
|
# Use a new /dev namespace only populated with API pseudo devices
|
|
# such as /dev/null, /dev/zero and /dev/random.
|
|
PrivateDevices=true
|
|
|
|
# Deny the creation of writable and executable memory mappings.
|
|
MemoryDenyWriteExecute=true
|
|
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|