mostly fixes
[distro-setup] / filesystem / etc / systemd / system / bitcoind.service
# iank: copied from /a/opt/bitcoin/contrib/init/bitcoind.service
# for sources as of 2022-11-14
#
# Editing this file in place is not recommended, because package
# upgrades will overwrite it. To add options or override existing
# ones, use
#   $ systemctl edit bitcoind.service
# See "man systemd.service" for details.
#
# Almost every daemon option can be set in /etc/bitcoin/bitcoin.conf,
# but anything passed explicitly as an argument in ExecStart= takes
# precedence over the config file.

[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

# Pull in network-online.target and order this unit after it; see
# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
Wants=network-online.target
After=network-online.target

[Service]
# Identity
##########

# The daemon itself runs as bitcoin:bitcoin.
User=bitcoin
Group=bitcoin

# Directories managed by systemd
################################

# /run/bitcoind (holds the PID file named below)
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /var/lib/bitcoind (passed to the daemon as -datadir)
StateDirectory=bitcoind
StateDirectoryMode=0710

# /etc/bitcoin
# Unlike the runtime and state directories, systemd does not hand a
# ConfigurationDirectory= over to User=/Group=, which is why the
# ExecStartPre= chgrp below exists. Mode 0710 gives the group search
# permission only (no listing).
# NOTE(review): bitcoin.conf can carry RPC credentials; the directory
# mode does not cover the file itself, so confirm the file is
# group-readable but not world-readable.
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# Start-up
##########

# PermissionsStartOnly=true limits User=/Group= to the ExecStart=
# process, so the chgrp runs with the service manager's privileges
# rather than as bitcoin.
# NOTE(review): PermissionsStartOnly= is deprecated in newer systemd
# releases in favour of the "!"/"+" command prefixes; verify against
# the installed version before changing it.
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin

ExecStart=/usr/bin/bitcoind -daemonwait \
    -pid=/run/bitcoind/bitcoind.pid \
    -conf=/etc/bitcoin/bitcoin.conf \
    -datadir=/var/lib/bitcoind

# Process management
####################

# bitcoind forks (-daemonwait); PIDFile= must match the -pid= argument.
Type=forking
PIDFile=/run/bitcoind/bitcoind.pid
Restart=on-failure
# No start timeout; allow up to 600 seconds for a stop.
TimeoutStartSec=infinity
TimeoutStopSec=600

# Resource limits
#################

# iank: on a laptop, during catchup, the daemon tends to jump between
# 100% and 180% cpu and makes the fan spin annoyingly. 50% was picked
# arbitrarily to see whether it makes the fan quieter.
CPUQuota=50%

# Hardening measures
####################
# NOTE(review): these are the sandboxing options this unit sets; others
# exist. "systemd-analyze security bitcoind.service" reports what is
# still exposed. Test any addition against a running node.

# Disallow the process and all of its children to gain new privileges
# through execve().
NoNewPrivileges=true

# Private /tmp and /var/tmp.
PrivateTmp=true

# New /dev namespace populated only with API pseudo devices such as
# /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# /home, /root and /run/user are denied to the process.
ProtectHome=true

# /usr, /boot/ and /etc are mounted read-only for the process.
ProtectSystem=full

# No memory mappings that are both writable and executable.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target