From 861ffa1b80fff101f86276d819d6b4434c960e40 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 1 Nov 2017 22:15:17 -0600
Subject: [PATCH] add systemd launch file
---
 dist/etc/systemd/system/digd.js.service | 61 +++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 dist/etc/systemd/system/digd.js.service
diff --git a/dist/etc/systemd/system/digd.js.service b/dist/etc/systemd/system/digd.js.service
new file mode 100644
index 0000000..bdc0825
--- /dev/null
+++ b/dist/etc/systemd/system/digd.js.service
@@ -0,0 +1,61 @@
+[Unit]
+Description=digd.js - A lightweight DNS server in node.js.
+Documentation=https://git.coolaj86.com/coolaj86/digd.js
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
+# Allow up to 3 restarts within 10 seconds
+# (it's unlikely that a user or properly-running script will do this)
+Restart=on-abnormal
+StartLimitInterval=10
+StartLimitBurst=3
+
+# User and group the process will run as
+# (git is the de facto standard on most systems)
+User=digd
+Group=digd
+
+WorkingDirectory=/opt/digd
+# custom directory cannot be set and will be the place where gitea exists, not the working directory
+ExecStart=/opt/digd/bin/digd.js --config /srv/digd.js/db.json
+ExecReload=/bin/kill -USR1 $MAINPID
+
+# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
+# Unmodified gitea is not expected to use more than this.
+LimitNOFILE=1048576
+LimitNPROC=64
+
+# Use private /tmp and /var/tmp, which are discarded after gitea stops.
+PrivateTmp=true
+# Use a minimal /dev
+PrivateDevices=true
+# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+# Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+# ... except /opt/gitea because we want a place for the database
+# and /var/log/gitea because we want a place where logs can go.
+# This merely retains r/w access rights, it does not add any new.
+# Must still be writable on the host!
+ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
+
+# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
+; ReadWritePaths=/opt/digd.js /srv/digd.js /var/log/digd.js
+
+# The following additional security directives only work with systemd v229 or later.
+# They further retrict privileges that can be gained by gitea.
+# Note that you may have to add capabilities required by any plugins in use.
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+# Caveat: Some features may need additional capabilities.
+# For example an "upload" may need CAP_LEASE
+; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
+; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
+; NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
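Review bot: The comment above the commented-out `ReadWritePaths=` line has the rename backwards — systemd v231 renamed `ReadWriteDirectories=` to `ReadWritePaths=` and kept the old name only as a compatibility alias, so the live `ReadWriteDirectories=` line is the legacy spelling; suggest `# Note: ReadWriteDirectories= was renamed to ReadWritePaths= in systemd v231 (old name still accepted as an alias)` and using the new name where v231+ is the baseline. Separately, `WorkingDirectory=` and `ExecStart=` put the service under `/opt/digd` while `ReadWriteDirectories=` lists `/opt/digd.js`; if that is a typo for `/opt/digd` it is better dropped than fixed, since a hardened unit should not retain write access to the directory holding its own binary, and the state file already lives under `/srv/digd.js`, which is listed. Under `ProtectSystem=full` only /usr, /boot and /etc become read-only, so the `/opt/...` entry is presumably a no-op either way. The surrounding comments still describe gitea (`/opt/gitea`, `Unmodified gitea`, `git is the de facto standard`) and should be reworded for digd so the next reader does not trust the wrong rationale.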