diff options
Diffstat (limited to 'packaging/systemd')
| -rw-r--r-- | packaging/systemd/rsync.service | 32 | ||||
| -rw-r--r-- | packaging/systemd/rsync.socket | 10 | ||||
| -rw-r--r-- | packaging/systemd/rsync@.service | 28 |
3 files changed, 70 insertions, 0 deletions
diff --git a/packaging/systemd/rsync.service b/packaging/systemd/rsync.service new file mode 100644 index 0000000..8a867ca --- /dev/null +++ b/packaging/systemd/rsync.service @@ -0,0 +1,32 @@ +[Unit] +Description=fast remote file copy program daemon +ConditionPathExists=/etc/rsyncd.conf +After=network.target +Documentation=man:rsync(1) man:rsyncd.conf(5) + +[Service] +ExecStart=/usr/bin/rsync --daemon --no-detach +RestartSec=1 +Restart=on-failure + +# Citing README.md: +# +# [...] Using ssh is recommended for its security features. +# +# Alternatively, rsync can run in `daemon' mode, listening on a socket. +# This is generally used for public file distribution, [...] +# +# So let's assume some extra security is more than welcome here. We do full +# system protection (which makes /usr, /boot, & /etc read-only) and hide +# devices. To override these defaults, it's best to do so in the drop-in +# directory, often done via `systemctl edit rsync.service`. The file needs +# just the bare minimum of the right [heading] and override values. +# See systemd.unit(5) and search for "drop-in" for full details. + +ProtectSystem=full +#ProtectHome=on|off|read-only +PrivateDevices=on +NoNewPrivileges=on + +[Install] +WantedBy=multi-user.target diff --git a/packaging/systemd/rsync.socket b/packaging/systemd/rsync.socket new file mode 100644 index 0000000..5bceefe --- /dev/null +++ b/packaging/systemd/rsync.socket @@ -0,0 +1,10 @@ +[Unit] +Description=socket for fast remote file copy program daemon +Conflicts=rsync.service + +[Socket] +ListenStream=873 +Accept=true + +[Install] +WantedBy=sockets.target diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service new file mode 100644 index 0000000..63ba0c7 --- /dev/null +++ b/packaging/systemd/rsync@.service @@ -0,0 +1,28 @@ +[Unit] +Description=fast remote file copy program daemon +After=network.target + +[Service] +ExecStart=-/usr/bin/rsync --daemon +StandardInput=socket +StandardOutput=inherit +StandardError=journal + +# Citing README.md: +# +# [...] Using ssh is recommended for its security features. +# +# Alternatively, rsync can run in `daemon' mode, listening on a socket. +# This is generally used for public file distribution, [...] +# +# So let's assume some extra security is more than welcome here. We do full +# system protection (which makes /usr, /boot, & /etc read-only) and hide +# devices. To override these defaults, it's best to do so in the drop-in +# directory, often done via `systemctl edit rsync@.service`. The file needs +# just the bare minimum of the right [heading] and override values. +# See systemd.unit(5) and search for "drop-in" for full details. + +ProtectSystem=full +#ProtectHome=on|off|read-only +PrivateDevices=on +NoNewPrivileges=on |