mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-03 09:56:38 -05:00
7fb7acfc20
`bitcoind` can take a long time to flush its db cache to disk upon shutdown. Most init files send a `SIGKILL` after a timeout of 1 minute, causing unclean shutdowns and triggering a long "Rolling forward" at the next startup. Increasing this timeout to 10 minutes should reduce how often this occurs, especially during IBD. fixup! Set ProtectHome in systemd service file
69 lines
1.7 KiB
Desktop File
69 lines
1.7 KiB
Desktop File
# It is not recommended to modify this file in-place, because it will
|
|
# be overwritten during package upgrades. If you want to add further
|
|
# options or overwrite existing ones then use
|
|
# $ systemctl edit bitcoind.service
|
|
# See "man systemd.service" for details.
|
|
|
|
# Note that almost all daemon options could be specified in
|
|
# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments
|
|
# in ExecStart=
|
|
|
|
[Unit]
|
|
Description=Bitcoin daemon
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/usr/bin/bitcoind -daemon \
|
|
-pid=/run/bitcoind/bitcoind.pid \
|
|
-conf=/etc/bitcoin/bitcoin.conf \
|
|
-datadir=/var/lib/bitcoind
|
|
|
|
# Process management
|
|
####################
|
|
|
|
Type=forking
|
|
PIDFile=/run/bitcoind/bitcoind.pid
|
|
Restart=on-failure
|
|
TimeoutStopSec=600
|
|
|
|
# Directory creation and permissions
|
|
####################################
|
|
|
|
# Run as bitcoin:bitcoin
|
|
User=bitcoin
|
|
Group=bitcoin
|
|
|
|
# /run/bitcoind
|
|
RuntimeDirectory=bitcoind
|
|
RuntimeDirectoryMode=0710
|
|
|
|
# /etc/bitcoin
|
|
ConfigurationDirectory=bitcoin
|
|
ConfigurationDirectoryMode=0710
|
|
|
|
# /var/lib/bitcoind
|
|
StateDirectory=bitcoind
|
|
StateDirectoryMode=0710
|
|
|
|
# Hardening measures
|
|
####################
|
|
|
|
# Provide a private /tmp and /var/tmp.
|
|
PrivateTmp=true
|
|
|
|
# Mount /usr, /boot/ and /etc read-only for the process.
|
|
ProtectSystem=full
|
|
|
|
# Disallow the process and all of its children to gain
|
|
# new privileges through execve().
|
|
NoNewPrivileges=true
|
|
|
|
# Use a new /dev namespace only populated with API pseudo devices
|
|
# such as /dev/null, /dev/zero and /dev/random.
|
|
PrivateDevices=true
|
|
|
|
# Deny the creation of writable and executable memory mappings.
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|