Diffstat (limited to 'packaging/systemd/rsync@.service')
-rw-r--r--packaging/systemd/rsync@.service28
1 files changed, 28 insertions, 0 deletions
diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service
new file mode 100644
index 0000000..63ba0c7
--- /dev/null
+++ b/packaging/systemd/rsync@.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=fast remote file copy program daemon
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+# Citing README.md:
+#
+# [...] Using ssh is recommended for its security features.
+#
+# Alternatively, rsync can run in `daemon' mode, listening on a socket.
+# This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes /usr, /boot, & /etc read-only) and hide
+# devices. To override these defaults, it's best to do so in the drop-in
+# directory, often done via `systemctl edit rsync@.service`. The file needs
+# just the bare minimum of the right [heading] and override values.
+# See systemd.unit(5) and search for "drop-in" for full details.
+
+ProtectSystem=full
+#ProtectHome=on|off|read-only
+PrivateDevices=on
+NoNewPrivileges=on
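Review bot: The hardening at the end of `[Service]` covers only filesystem paths and devices, and no `User=` appears anywhere in the unit. The per-connection rsync process therefore presumably starts as root and relies on rsyncd.conf (`uid`/`gid`, `use chroot`) to drop privileges. Since the comment itself says daemon mode is generally used for public file distribution, I would add `ProtectKernelTunables=on`, `ProtectKernelModules=on` and `ProtectControlGroups=on` after `NoNewPrivileges=on`; a file-transfer service should not need any of those, though this is worth confirming against the oldest systemd version the package targets. The commented-out `#ProtectHome=on|off|read-only` also needs a one-line reason so admins can see it was left open deliberately. If the reason is that modules may be served from /home, something like `# Unset by default: modules may live under /home; prefer read-only for pull-only mirrors.` would do.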