[Unit]
Description=NATS Server
# After= only orders start-up relative to the listed units; it does not pull
# them in or wait for them if they are not part of the transaction.
After=network.target ntp.service

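[Service]
Type=simple
ExecStart=/usr/sbin/nats-server -c /etc/nats-server.conf
ExecReload=/bin/kill -s HUP $MAINPID
# NOTE(review): systemd runs ExecStop= first and only afterwards sends
# KillSignal= to whatever is still running, so SIGINT reaches the server before
# SIGUSR2 does. Confirm that a stop really goes through Lame Duck Mode.
ExecStop=/bin/kill -s SIGINT $MAINPID
# The service runs as user and group nats rather than root.
User=nats
Group=nats
# The nats-server uses SIGUSR2 to trigger using Lame Duck Mode (LDM) shutdown
KillSignal=SIGUSR2
# You might want to adjust TimeoutStopSec too.

# Hardening
# After any change, check the effective sandbox with
# "systemd-analyze security UNIT" (UNIT = the name this file is installed under)
# and look in the journal for parse warnings about this file.
# Empty value: the capability bounding set is empty, the service holds none.
CapabilityBoundingSet=
# JetStream requires 2 FDs open per stream.
LimitNOFILE=800000
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
# strict: the file system is read-only for the service except /dev, /proc and
# /sys; writable locations have to be listed in ReadWritePaths= below.
ProtectSystem=strict
# Empty value resets the list; it adds no read-only path by itself.
ReadOnlyPaths=
# Only IPv4 and IPv6 sockets may be created.
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
# The allow-list and the deny-list are separate assignments: "~" inverts a
# SystemCallFilter= value only as its first character. Written on one line as
# "@system-service ~@privileged ~@resources", the "~" entries are not parsed as
# groups and are skipped with a warning, so nothing is removed from the
# allow-list. NOTE(review): confirm on the systemd version in use.
# A filtered call terminates the process by default, so test the service
# (JetStream included) before rolling this out.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
# Files and directories created by the service are accessible to its owner only.
UMask=0077

# If you have systemd >= 247
ProtectProc=invisible

# If you have systemd >= 248
PrivateIPC=true

# Optional: writable directory for JetStream.
# This is the only path re-opened for writing under ProtectSystem=strict.
ReadWritePaths=/var/lib/nats

# Optional: resource control.
# Replace weights by values that make sense for your situation.
# For a list of all options see:
# https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
#CPUAccounting=true
# CPUWeight= and IOWeight= take 1 to 10000. systemd has no trailing comments,
# so the range note is kept on its own line and not after the value.
#CPUWeight=100
#IOAccounting=true
#IOWeight=100
#MemoryAccounting=true
# Size suffixes are K, M, G and T.
#MemoryMax=1G
#IPAccounting=true
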
[Install]
# "systemctl enable" hooks the service into multi-user.target, so it starts on
# a normal boot.
WantedBy=multi-user.target