diff options
Diffstat (limited to 'packaging/systemd/rsync.service')
| -rw-r--r-- | packaging/systemd/rsync.service | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/packaging/systemd/rsync.service b/packaging/systemd/rsync.service new file mode 100644 index 0000000..8a867ca --- /dev/null +++ b/packaging/systemd/rsync.service @@ -0,0 +1,32 @@ +[Unit] +Description=fast remote file copy program daemon +ConditionPathExists=/etc/rsyncd.conf +After=network.target +Documentation=man:rsync(1) man:rsyncd.conf(5) + +[Service] +ExecStart=/usr/bin/rsync --daemon --no-detach +RestartSec=1 +Restart=on-failure + +# Citing README.md: +# +# [...] Using ssh is recommended for its security features. +# +# Alternatively, rsync can run in `daemon' mode, listening on a socket. +# This is generally used for public file distribution, [...] +# +# So let's assume some extra security is more than welcome here. We do full +# system protection (which makes /usr, /boot, & /etc read-only) and hide +# devices. To override these defaults, it's best to do so in the drop-in +# directory, often done via `systemctl edit rsync.service`. The file needs +# just the bare minimum of the right [heading] and override values. +# See systemd.unit(5) and search for "drop-in" for full details. + +ProtectSystem=full +#ProtectHome=on|off|read-only +PrivateDevices=on +NoNewPrivileges=on + +[Install] +WantedBy=multi-user.target |