remove systemd options which are not valid for user, remove pre-templated files

usr/share/dist/Library/LaunchDaemons/cloud.telebit.remote.plist

@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>Label</key>
-	<string>Telebit Remote</string>
-	<key>ProgramArguments</key>
-	<array>
-		<string>/opt/telebit/bin/node</string>
-		<string>/opt/telebit/bin/telebitd.js</string>
-		<string>daemon</string>
-		<string>--config</string>
-    <string>/opt/telebit/etc/telebitd.yml</string>
-	</array>
-	<key>EnvironmentVariables</key>
-	<dict>
-		<key>TELEBIT_PATH</key>
-		<string>/opt/telebit</string>
-		<key>NODE_PATH</key>
-		<string>/opt/telebit/lib/node_modules</string>
-		<key>NPM_CONFIG_PREFIX</key>
-		<string>/opt/telebit</string>
-	</dict>
-
-	<key>UserName</key>
-	<string>root</string>
-	<key>GroupName</key>
-	<string>wheel</string>
-	<key>InitGroups</key>
-	<true/>
-
-	<key>RunAtLoad</key>
-	<true/>
-	<key>KeepAlive</key>
-	<true/>
-	<!--dict>
-		<key>Crashed</key>
-		<true/>
-		<key>NetworkState</key>
-		<true/>
-		<key>SuccessfulExit</key>
-		<false/>
-	</dict-->
-
-	<key>SoftResourceLimits</key>
-	<dict>
-		<key>NumberOfFiles</key>
-		<integer>8192</integer>
-	</dict>
-	<key>HardResourceLimits</key>
-	<dict/>
-
-	<key>WorkingDirectory</key>
-  <string>/opt/telebit</string>
-
-	<key>StandardErrorPath</key>
-  <string>/opt/telebit/var/log/error.log</string>
-	<key>StandardOutPath</key>
-  <string>/opt/telebit/var/log/info.log</string>
-</dict>
-</plist>

usr/share/dist/etc/skel/.config/systemd/user/telebit.service

@@ -1,61 +0,0 @@
-# Pre-req
-# sudo adduser telebit --home /opt/telebit
-# sudo mkdir -p /opt/telebit/
-# sudo chown -R telebit:telebit /opt/telebit/
-
-[Unit]
-Description=Telebit Remote
-Documentation=https://git.coolaj86.com/coolaj86/telebit.js/
-
-[Service]
-# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
-# Allow up to 3 restarts within 10 seconds
-# (it's unlikely that a user or properly-running script will do this)
-Restart=always
-StartLimitInterval=10
-StartLimitBurst=3
-
-# https://wiki.archlinux.org/index.php/Systemd/User
-# ~/.local/share/systemd/user/
-WorkingDirectory=%h/.config/telebit
-# custom directory cannot be set and will be the place where gitea exists, not the working directory
-ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml
-ExecReload=/bin/kill -USR1 $MAINPID
-
-# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
-# Unmodified gitea is not expected to use more than this.
-LimitNOFILE=1048576
-LimitNPROC=64
-
-# Use private /tmp and /var/tmp, which are discarded after gitea stops.
-PrivateTmp=true
-# Use a minimal /dev
-PrivateDevices=true
-# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
-ProtectHome=true
-# Make /usr, /boot, /etc and possibly some more folders read-only.
-ProtectSystem=full
-# ... except /opt/gitea because we want a place for the database
-# and /var/log/gitea because we want a place where logs can go.
-# This merely retains r/w access rights, it does not add any new.
-# Must still be writable on the host!
-ReadWriteDirectories=/opt/telebit /etc/telebit
-
-# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
-; ReadWritePaths=/opt/telebit /etc/telebit
-
-# The following additional security directives only work with systemd v229 or later.
-# They further retrict privileges that can be gained by gitea.
-# Note that you may have to add capabilities required by any plugins in use.
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-NoNewPrivileges=true
-
-# Caveat: Some features may need additional capabilities.
-# For example an "upload" may need CAP_LEASE
-; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
-; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
-; NoNewPrivileges=true
-
-[Install]
-WantedBy=multi-user.target

usr/share/dist/etc/skel/.config/systemd/user/telebit.service.tpl

@@ -18,8 +18,8 @@ StartLimitInterval=10
 StartLimitBurst=3
 
 # User and group the process will run as
-#User={TELEBIT_USER}
-#Group={TELEBIT_GROUP}
+;User={TELEBIT_USER}
+;Group={TELEBIT_GROUP}
 
 WorkingDirectory={TELEBIT_PATH}
 # custom directory cannot be set and will be the place where this exists, not the working directory
@@ -34,7 +34,7 @@ LimitNPROC=64
 # Use private /tmp and /var/tmp, which are discarded after this stops.
 PrivateTmp=true
 # Use a minimal /dev
-PrivateDevices=true
+;PrivateDevices=true
 # Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
 ProtectHome=true
 # Make /usr, /boot, /etc and possibly some more folders read-only.
@@ -52,7 +52,7 @@ ReadWriteDirectories={TELEBIT_RW_DIRS}
 # Note that you may have to add capabilities required by any plugins in use.
 ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 ;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+NoNewPrivileges=true
 
 # Caveat: Some features may need additional capabilities.
 # For example an "upload" may need CAP_LEASE

usr/share/dist/etc/systemd/system/telebit.service

@@ -1,65 +0,0 @@
-# Pre-req
-# sudo adduser telebit --home /opt/telebit
-# sudo mkdir -p /opt/telebit/
-# sudo chown -R telebit:telebit /opt/telebit/
-
-[Unit]
-Description=Telebit Remote
-Documentation=https://git.coolaj86.com/coolaj86/telebit.js/
-After=network-online.target
-Wants=network-online.target systemd-networkd-wait-online.service
-
-[Service]
-# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
-# Allow up to 3 restarts within 10 seconds
-# (it's unlikely that a user or properly-running script will do this)
-Restart=always
-StartLimitInterval=10
-StartLimitBurst=3
-
-# User and group the process will run as
-# (git is the de facto standard on most systems)
-User=telebit
-Group=telebit
-
-WorkingDirectory=/opt/telebit
-# custom directory cannot be set and will be the place where this exists, not the working directory
-ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebitd.js daemon --config /opt/telebit/etc/telebitd.yml
-ExecReload=/bin/kill -USR1 $MAINPID
-
-# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
-# Unmodified, this is not expected to use more than this.
-LimitNOFILE=1048576
-LimitNPROC=64
-
-# Use private /tmp and /var/tmp, which are discarded after this stops.
-PrivateTmp=true
-# Use a minimal /dev
-PrivateDevices=true
-# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
-ProtectHome=true
-# Make /usr, /boot, /etc and possibly some more folders read-only.
-ProtectSystem=full
-# ... except /opt/telebit because we want a place for config, logs, etc
-# This merely retains r/w access rights, it does not add any new.
-# Must still be writable on the host!
-ReadWriteDirectories=/opt/telebit
-
-# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
-; ReadWritePaths=/opt/telebit
-
-# The following additional security directives only work with systemd v229 or later.
-# They further retrict privileges that can be gained.
-# Note that you may have to add capabilities required by any plugins in use.
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-NoNewPrivileges=true
-
-# Caveat: Some features may need additional capabilities.
-# For example an "upload" may need CAP_LEASE
-; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
-; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
-; NoNewPrivileges=true
-
-[Install]
-WantedBy=multi-user.target