Commit ed62cc88 authored by Daniel Kahn Gillmor's avatar Daniel Kahn Gillmor

systemd rules for closely-supervised knot-resolver service

This is a fully-socket-activated knot-resolver service that can run as
a non-priivleged user named knot-resolver.
parent 2a95547e
......@@ -23,7 +23,6 @@
.libs
.deps
_obj
tmp*
/autom4te.cache/*
/config.log
/config.h
......
[Unit]
Description=Knot DNS Resolver control socket
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
ListenStream=/run/knot-resolver/control
FileDescriptorName=control
Service=knot-resolver.service
SocketMode=0660
[Install]
WantedBy=sockets.target
[Unit]
Description=Knot DNS Resolver daemon
## This is a socket-activated service:
RefuseManualStart=true
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
ExecStart=/usr/sbin/kresd
User=knot-resolver
Restart=on-failure
[Install]
WantedBy=sockets.target
[Unit]
Description=Knot DNS Resolver network listeners
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
ListenStream=[::1]:53
ListenDatagram=[::1]:53
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
[Install]
WantedBy=sockets.target
# tmpfiles.d(5) runtime directory for knot-resolver (kresd)
#Type Path Mode UID GID Age Argument
d /run/knot-resolver 0750 root root - -
d /run/knot-resolver/cache 0750 knot-resolver knot-resolver - -
L /run/knot-resolver/cache/config 0750 knot-resolver knot-resolver - /etc/knot-resolver/kresd.conf
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment