Diffstat (limited to 'contrib/djbdns/tinydns.service')
-rw-r--r--contrib/djbdns/tinydns.service44
1 files changed, 44 insertions, 0 deletions
diff --git a/contrib/djbdns/tinydns.service b/contrib/djbdns/tinydns.service
new file mode 100644
index 00000000..2fcf9d2a
--- /dev/null
+++ b/contrib/djbdns/tinydns.service
@@ -0,0 +1,44 @@
+#
+# Replace /var/lib/djbdns if needed
+#
+
+[Unit]
+Description=tinydns DNS resolver
+Documentation=man:tinydns
+Documentation=https://cr.yp.to/djbdns.html
+After=network.target
+Requires=network.target
+Wants=network.target
+ConditionPathExists=/var/lib/djbdns
+
+[Service]
+Type=forking
+PIDFile=/run/tinydns.pid
+Environment="ROOT=/var/lib/djbdns"
+ExecStart=/usr/bin/tinydns
+ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry=TERM/5/KILL/5 --pidfile /run/tinydns.pid
+TimeoutStopSec=30
+KillMode=mixed
+
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+
+WorkingDirectory=/var/lib/djbdns
+User=$ug_name
+Group=$ug_name
+
+# Hardening
+# CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+# TODO: restrict ReadOnlyDirectories
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/djbdns
+
+[Install]
+WantedBy=multi-user.target
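Review bot: `User=$ug_name` and `Group=$ug_name` are taken literally, because systemd expands environment variables only in Exec* command lines, so unless an install step outside this hunk substitutes the placeholder the service cannot start under the intended unprivileged account. With a real non-root account the rest of the unit still does not line up: the capability line is commented out, so nothing lets the process bind port 53 (assuming it listens there), and `ReadOnlyDirectories=/` together with a root-owned /run presumably leaves `PIDFile=/run/tinydns.pid` unwritable for the daemon. I would add `AmbientCapabilities=CAP_NET_BIND_SERVICE`, and move the PID file under a service-owned directory with `RuntimeDirectory=tinydns` and `PIDFile=/run/tinydns/tinydns.pid`. `PermissionsStartOnly=true` has no effect without ExecStartPre/ExecStartPost lines, and `Description=` calls tinydns a resolver although djbdns ships it as the authoritative DNS server, so both are worth tidying.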