# It is not recommended to modify this file in-place, because it will
# be overwritten during package upgrades. If you want to add further
# options or overwrite existing ones then use
# $ systemctl edit ethereum.service
# See "man systemd.service" for details.

[Unit]
Description=Ethereum daemon (mainnet)
After=network.target

[Service]
ExecStart=/bin/sh -c '/opt/coins/nodes/ethereum/geth --ipcdisable --syncmode full --cache 1024 --nat none --datadir /opt/coins/data/ethereum/backend --port 38336 --ws --wsaddr 0.0.0.0 --wsport 8036 --wsorigins "*" --rpc --rpcport 8136 -rpcaddr 0.0.0.0 --rpccorsdomain "*" --rpcvhosts "*" 2>>/opt/coins/data/ethereum/backend/ethereum.log'
User=ethereum
Type=simple
Restart=on-failure
WorkingDirectory=/opt/coins/nodes/ethereum

# Resource limits
LimitNOFILE=500000

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target