systemd: add "system" sub directory

author: Max Kellermann <max@musicpd.org> 2016-12-13 08:42:05 +0100
committer: Max Kellermann <max@musicpd.org> 2016-12-13 10:24:10 +0100
commit: 53e22b81ef026e873c992bca35e27b41580a0bf8 (patch)
tree: d9dc27f54eb0251d5929bd761b3e180c40cb9474 /systemd/system
parent: 3fc9d50adb9ed1586302ab47bf677f6e72ff7a88 (diff)
2 files changed, 35 insertions, 0 deletions
diff --git a/systemd/system/mpd.service.in b/systemd/system/mpd.service.in
new file mode 100644
index 000000000..250ab521c
--- /dev/null
+++ b/systemd/system/mpd.service.in
@@ -0,0 +1,26 @@
+[Unit]
+Description=Music Player Daemon
+After=network.target sound.target
+
+[Service]
+ExecStart=@prefix@/bin/mpd --no-daemon
+
+# allow MPD to use real-time priority 50
+LimitRTPRIO=50
+LimitRTTIME=infinity
+
+# disallow writing to /usr, /bin, /sbin, ...
+ProtectSystem=yes
+
+# more paranoid security settings
+NoNewPrivileges=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+# AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+RestrictNamespaces=yes
+
+[Install]
+WantedBy=multi-user.target
+Also=mpd.socket
diff --git a/systemd/system/mpd.socket b/systemd/system/mpd.socket
new file mode 100644
index 000000000..c4692592c
--- /dev/null
+++ b/systemd/system/mpd.socket
@@ -0,0 +1,9 @@
+[Socket]
+ListenStream=/run/mpd/socket
+ListenStream=6600
+Backlog=5
+KeepAlive=true
+PassCredentials=true
+
+[Install]
+WantedBy=sockets.target
author	Max Kellermann <max@musicpd.org>	2016-12-13 08:42:05 +0100
committer	Max Kellermann <max@musicpd.org>	2016-12-13 10:24:10 +0100
commit	53e22b81ef026e873c992bca35e27b41580a0bf8 (patch)
tree	d9dc27f54eb0251d5929bd761b3e180c40cb9474 /systemd/system
parent	3fc9d50adb9ed1586302ab47bf677f6e72ff7a88 (diff)