From 2d5707c7479eacb3b1ad98e01b53f56a88f8fb78 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 18:14:31 +0200
Subject: Adding upstream version 3.2.7.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 packaging/systemd/rsync@.service | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 packaging/systemd/rsync@.service

(limited to 'packaging/systemd/rsync@.service')

diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service
new file mode 100644
index 0000000..63ba0c7
--- /dev/null
+++ b/packaging/systemd/rsync@.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=fast remote file copy program daemon
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+# Citing README.md:
+#
+#   [...] Using ssh is recommended for its security features.
+#
+#   Alternatively, rsync can run in `daemon' mode, listening on a socket.
+#   This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes /usr, /boot, & /etc read-only) and hide
+# devices. To override these defaults, it's best to do so in the drop-in
+# directory, often done via `systemctl edit rsync@.service`. The file needs
+# just the bare minimum of the right [heading] and override values.
+# See systemd.unit(5) and search for "drop-in" for full details.
+
+ProtectSystem=full
+#ProtectHome=on|off|read-only
+PrivateDevices=on
+NoNewPrivileges=on
-- 
cgit v1.2.3