raylee · March 18, 2021 19:08
diff --git a/icbm.service b/icbm.service
 # /etc/systemd/system/icbm.service

 [Unit]
 Description=Internet Connected Beverage Monitor data server
 Documentation=https://lunarville.org
 Wants=network.target
 After=network.target

 [Service]
 Type=simple
 # re-evaluate DynamicUser with the new state options detailed here: http://0pointer.net/blog/dynamic-users-with-systemd.html
 DynamicUser=no
 User=icbm
 ExecStart=/home/svc/icbm/icbm
 Restart=always
 RestartSec=3
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
 # ~ means use the home directory from /etc/passwd
 WorkingDirectory=~
 ExecStart=/home/svc/icbm/icbm -opt1=abc -opt2=xyz
 ExecReload=/bin/kill -SIGUSR1 $MAINPID
 Restart=on-failure

 [Install]
 WantedBy=multi-user.target
diff --git a/install.sh b/install.sh
 # all via https://paulgorman.org/technical/blog/20171121184114.html

 # add a user and directory for the service (under Ray's filesystem standard, a root-owned /home/svc umbrella directory for services)
 adduser --system --disabled-password --disabled-login --home /home/svc/icbm --quiet --force-badname --group icbm

 go build
 chown icbm.icbm $executable
 cp $executable /home/svc/icbm/icbm

 # start the service
 systemctl daemon-reload
 systemctl start icbm

 # show stdout from service
 journalctl -u icbm

 # show stderr from service
 journalctl -f -u icbm

 # enable the service so it'll be started at boot
 systemctl enable icbm
	# /etc/systemd/system/icbm.service

	[Unit]
	Description=Internet Connected Beverage Monitor data server
	Documentation=https://lunarville.org
	Wants=network.target
	After=network.target

	[Service]
	Type=simple
	# re-evaluate DynamicUser with the new state options detailed here: http://0pointer.net/blog/dynamic-users-with-systemd.html
	DynamicUser=no
	User=icbm
	ExecStart=/home/svc/icbm/icbm
	Restart=always
	RestartSec=3
	CapabilityBoundingSet=CAP_NET_BIND_SERVICE
	AmbientCapabilities=CAP_NET_BIND_SERVICE
	NoNewPrivileges=true
	# ~ means use the home directory from /etc/passwd
	WorkingDirectory=~
	ExecStart=/home/svc/icbm/icbm -opt1=abc -opt2=xyz
	ExecReload=/bin/kill -SIGUSR1 $MAINPID
	Restart=on-failure

	[Install]
	WantedBy=multi-user.target
	# all via https://paulgorman.org/technical/blog/20171121184114.html

	# add a user and directory for the service (under Ray's filesystem standard, a root-owned /home/svc umbrella directory for services)
	adduser --system --disabled-password --disabled-login --home /home/svc/icbm --quiet --force-badname --group icbm

	go build
	chown icbm.icbm $executable
	cp $executable /home/svc/icbm/icbm

	# start the service
	systemctl daemon-reload
	systemctl start icbm

	# show stdout from service
	journalctl -u icbm

	# show stderr from service
	journalctl -f -u icbm

	# enable the service so it'll be started at boot
	systemctl enable icbm