Last active
September 25, 2021 21:45
-
-
Save christiankakesa/7b6248cfbe11928918ae2c85a98ddb26 to your computer and use it in GitHub Desktop.
SystemD file for Avalanche node
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=AvalancheGo | |
| Wants=network-online.target | |
| After=network.target network-online.target | |
| [Service] | |
| User=ubuntu | |
| Group=ubuntu | |
| WorkingDirectory=/home/ubuntu/go/src/github.com/ava-labs/avalanchego | |
| ExecStart=/home/ubuntu/go/src/github.com/ava-labs/avalanchego/build/avalanchego | |
| KillMode=process | |
| LimitNOFILE=65536 | |
| StandardOutput=syslog | |
| StandardError=syslog | |
| SyslogIdentifier=AvalancheGo | |
| Restart=on-failure | |
| RestartSec=10 | |
| # Hardening measures | |
| #################### | |
| # Provide a private /tmp and /var/tmp. | |
| PrivateTmp=true | |
| # Mount /usr, /boot/ and /etc read-only for the process. | |
| ProtectSystem=full | |
| # Deny access to /home, /root and /run/user | |
| # ProtectHome=true | |
| # Disallow the process and all of its children to gain | |
| # new privileges through execve(). | |
| NoNewPrivileges=true | |
| # Use a new /dev namespace only populated with API pseudo devices | |
| # such as /dev/null, /dev/zero and /dev/random. | |
| PrivateDevices=true | |
| # Deny the creation of writable and executable memory mappings. | |
| MemoryDenyWriteExecute=true | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment