nothub · August 11, 2024 17:26
diff --git a/minecraft.service b/minecraft.service
 [Unit]
 Description=Minecraft Server (Paper)
 After=network.target

 [Service]
 Type=exec

 Sockets=paper.socket
 StandardInput=socket
 StandardOutput=journal
 StandardError=journal

 WorkingDirectory=/opt/paper/
 ReadWritePaths=/opt/paper/

 User=mc
 Group=mc

 # hardening
 ProtectSystem=strict
 ProtectControlGroups=yes
 PrivateDevices=yes
 ProtectHome=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 PrivateTmp=yes
 RemoveIPC=yes
 RestrictSUIDSGID=yes

 Restart=always

 # sleep delay prior to restart
 RestartSec=10

 # maximum time until startup completion is required
 TimeoutStartSec=300

 ExecStart=/usr/bin/java \
    -Xms8G \
    -Xmx8G \
    -XX:+AlwaysPreTouch \
    -XX:+DisableExplicitGC \
    -XX:+ParallelRefProcEnabled \
    -XX:+PerfDisableSharedMem \
    -XX:+UnlockExperimentalVMOptions \
    -XX:+UseG1GC \
    -XX:G1HeapRegionSize=8M \
    -XX:G1HeapWastePercent=5 \
    -XX:G1MaxNewSizePercent=40 \
    -XX:G1MixedGCCountTarget=4 \
    -XX:G1MixedGCLiveThresholdPercent=90 \
    -XX:G1NewSizePercent=30 \
    -XX:G1RSetUpdatingPauseTimePercent=5 \
    -XX:G1ReservePercent=20 \
    -XX:InitiatingHeapOccupancyPercent=15 \
    -XX:MaxGCPauseMillis=200 \
    -XX:MaxTenuringThreshold=1 \
    -XX:SurvivorRatio=32 \
    -Dusing.aikars.flags=https://mcflags.emc.gs \
    -Daikars.new.flags=true \
    -DPaper.skipServerPropertiesComments=true \
    -Dcom.mojang.eula.agree=true \
    -jar paper.jar nogui

 [Install]

 # When the service starts, it should happen after the system and network are ready, that is why we declare this relation.
 # https://unix.stackexchange.com/questions/506347/why-do-most-systemd-examples-contain-wantedby-multi-user-target/506374#506374
 WantedBy=multi-user.target
diff --git a/paper.socket b/paper.socket
 [Socket]
 ListenFIFO=/opt/paper/console.stdin
 Service=paper.service
	[Unit]
	Description=Minecraft Server (Paper)
	After=network.target

	[Service]
	Type=exec

	Sockets=paper.socket
	StandardInput=socket
	StandardOutput=journal
	StandardError=journal

	WorkingDirectory=/opt/paper/
	ReadWritePaths=/opt/paper/

	User=mc
	Group=mc

	# hardening
	ProtectSystem=strict
	ProtectControlGroups=yes
	PrivateDevices=yes
	ProtectHome=yes
	ProtectKernelLogs=yes
	ProtectKernelModules=yes
	ProtectKernelTunables=yes
	PrivateTmp=yes
	RemoveIPC=yes
	RestrictSUIDSGID=yes

	Restart=always

	# sleep delay prior to restart
	RestartSec=10

	# maximum time until startup completion is required
	TimeoutStartSec=300

	ExecStart=/usr/bin/java \
	-Xms8G \
	-Xmx8G \
	-XX:+AlwaysPreTouch \
	-XX:+DisableExplicitGC \
	-XX:+ParallelRefProcEnabled \
	-XX:+PerfDisableSharedMem \
	-XX:+UnlockExperimentalVMOptions \
	-XX:+UseG1GC \
	-XX:G1HeapRegionSize=8M \
	-XX:G1HeapWastePercent=5 \
	-XX:G1MaxNewSizePercent=40 \
	-XX:G1MixedGCCountTarget=4 \
	-XX:G1MixedGCLiveThresholdPercent=90 \
	-XX:G1NewSizePercent=30 \
	-XX:G1RSetUpdatingPauseTimePercent=5 \
	-XX:G1ReservePercent=20 \
	-XX:InitiatingHeapOccupancyPercent=15 \
	-XX:MaxGCPauseMillis=200 \
	-XX:MaxTenuringThreshold=1 \
	-XX:SurvivorRatio=32 \
	-Dusing.aikars.flags=https://mcflags.emc.gs \
	-Daikars.new.flags=true \
	-DPaper.skipServerPropertiesComments=true \
	-Dcom.mojang.eula.agree=true \
	-jar paper.jar nogui

	[Install]

	# When the service starts, it should happen after the system and network are ready, that is why we declare this relation.
	# https://unix.stackexchange.com/questions/506347/why-do-most-systemd-examples-contain-wantedby-multi-user-target/506374#506374
	WantedBy=multi-user.target
	[Socket]
	ListenFIFO=/opt/paper/console.stdin
	Service=paper.service