Diffstat (limited to 'distro/common')
-rw-r--r-- | distro/common/cz.nic.knotd.conf | 9 | ||||
-rw-r--r-- | distro/common/knot.service | 30 |
2 files changed, 39 insertions, 0 deletions
diff --git a/distro/common/cz.nic.knotd.conf b/distro/common/cz.nic.knotd.conf
new file mode 100644
index 0000000..50af87a
--- /dev/null
+++ b/distro/common/cz.nic.knotd.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/common/knot.service b/distro/common/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/common/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target |
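Review bot: The `<policy context="default">` block in cz.nic.knotd.conf lets every client on the bus receive whatever `cz.nic.knotd` sends, and the file carries no comment saying what those messages contain or who is meant to read them. If the daemon's signals include zone names or key-management events (not visible in this patch), consider moving the `receive_sender` rule into a `<policy group="GROUP_PLACEHOLDER">` block for the consumers that need it. At minimum, add an XML comment above the default policy stating that the signals are intended to be readable by all local bus clients.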
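Review bot: The [Service] section of knot.service has no filesystem or device sandboxing, so a compromised knotd still sees home directories, the shared /tmp and all device nodes despite `User=knot` and `NoNewPrivileges=yes`. Directives that should not interfere with a DNS server, such as `ProtectHome=yes`, `PrivateTmp=yes` and `PrivateDevices=yes`, could sit next to `NoNewPrivileges=yes`. `ProtectSystem=strict` is worth testing as well, though it presumably needs `ReadWritePaths=` for any zone or journal directory outside the StateDirectory. Separately, `CAP_SETPCAP` is granted as an ambient capability without explanation; a comment above `AmbientCapabilities=` saying why knotd needs it would help the next reviewer decide whether it can be dropped.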