openstack/designate
Code Issues Proposed changes
271eba7758
designate/contrib/djbdns/tinydns.service
Federico Ceratto be7e32dfaa Add djbdns backend 
Add docs and basic tests
Update config sample file and support matrix
Change-Id: I709cea4e321f6bbee3b0f9f718fa6a9836af3ca5
2016-05-20 10:46:36 +00:00

45 lines
939 B
Desktop File
Raw Blame History

#
# Replace /var/lib/djbdns if needed
#
[Unit]
Description=tinydns DNS resolver
Documentation=man:tinydns
Documentation=https://cr.yp.to/djbdns.html
After=network.target
Requires=network.target
Wants=network.target
ConditionPathExists=/var/lib/djbdns
[Service]
Type=forking
PIDFile=/run/tinydns.pid
Environment="ROOT=/var/lib/djbdns"
ExecStart=/usr/bin/tinydns
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry=TERM/5/KILL/5 --pidfile /run/tinydns.pid
TimeoutStopSec=30
KillMode=mixed
PermissionsStartOnly=true
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/var/lib/djbdns
User=$ug_name
Group=$ug_name
# Hardening
# CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
# TODO: restrict ReadOnlyDirectories
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/djbdns
[Install]
WantedBy=multi-user.target
View Git Blame Copy Permalink