iankelling.org Git - distro-setup/blob - filesystem/etc/systemd/system/bitcoind.service

   1 # iank: copied from /a/opt/bitcoin/contrib/init/bitcoind.service
   2 # for sources as of 2024-04-22
   3
   4 # It is not recommended to modify this file in-place, because it will
   5 # be overwritten during package upgrades. If you want to add further
   6 # options or overwrite existing ones then use
   7 # $ systemctl edit bitcoind.service
   8 # See "man systemd.service" for details.
   9
  10 # Note that almost all daemon options could be specified in
  11 # /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
  12 # specified as arguments in ExecStart= will override those in the
  13 # config file.
  14
  15 [Unit]
  16 Description=Bitcoin daemon
  17 Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md
  18
  19 # https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
  20 After=network-online.target
  21 Wants=network-online.target
  22
  23 [Service]
  24 # iank: on a laptop, when it is doing its catchup, it tends to jump
  25 # between 100% and 180% cpu and makes the fan spin annoyingly.
  26 # 50% still had annoying fan spin. trying out 20%
  27 CPUQuota=20%
  28 ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
  29                             -conf=/etc/bitcoin/bitcoin.conf \
  30                             -datadir=/var/lib/bitcoind \
  31                             -startupnotify='systemd-notify --ready' \
  32                             -shutdownnotify='systemd-notify --stopping'
  33
  34 # Make sure the config directory is readable by the service user
  35 PermissionsStartOnly=true
  36 ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
  37
  38 # Process management
  39 ####################
  40
  41 Type=notify
  42 NotifyAccess=all
  43 PIDFile=/run/bitcoind/bitcoind.pid
  44
  45 Restart=on-failure
  46 TimeoutStartSec=infinity
  47 TimeoutStopSec=600
  48
  49 # Directory creation and permissions
  50 ####################################
  51
  52 # Run as bitcoin:bitcoin
  53 User=bitcoin
  54 Group=bitcoin
  55
  56 # /run/bitcoind
  57 RuntimeDirectory=bitcoind
  58 RuntimeDirectoryMode=0710
  59
  60 # /etc/bitcoin
  61 ConfigurationDirectory=bitcoin
  62 ConfigurationDirectoryMode=0710
  63
  64 # /var/lib/bitcoind
  65 StateDirectory=bitcoind
  66 StateDirectoryMode=0710
  67
  68 # Hardening measures
  69 ####################
  70
  71 # Provide a private /tmp and /var/tmp.
  72 PrivateTmp=true
  73
  74 # Mount /usr, /boot/ and /etc read-only for the process.
  75 ProtectSystem=full
  76
  77 # Deny access to /home, /root and /run/user
  78 ProtectHome=true
  79
  80 # Disallow the process and all of its children to gain
  81 # new privileges through execve().
  82 NoNewPrivileges=true
  83
  84 # Use a new /dev namespace only populated with API pseudo devices
  85 # such as /dev/null, /dev/zero and /dev/random.
  86 PrivateDevices=true
  87
  88 # Deny the creation of writable and executable memory mappings.
  89 MemoryDenyWriteExecute=true
  90
  91 # Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
  92 SystemCallArchitectures=native
  93
  94 [Install]
  95 WantedBy=multi-user.target