1.37.0, worker unit file
This commit is contained in:
parent
2a83f6aac4
commit
c032074b69
|
|
@ -1,7 +1,7 @@
|
|||
%global srcname synapse
|
||||
|
||||
# Version suffix in URL when building release candidates
|
||||
%global rcx rc1
|
||||
%global rcx %{nil}
|
||||
%global ghversion 1.37.0
|
||||
|
||||
%{?python_enable_dependency_generator}
|
||||
|
|
@ -22,6 +22,7 @@ Source0: %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar
|
|||
Source1: synapse.sysconfig
|
||||
Source2: synapse.service
|
||||
Source3: synapse-homeserver
|
||||
Source4: synapse@.service
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python3-devel
|
||||
|
|
@ -127,13 +128,15 @@ exit 0
|
|||
|
||||
%post
|
||||
%systemd_post synapse.service
|
||||
%systemd_post synapse@.service
|
||||
|
||||
%preun
|
||||
%systemd_preun synapse.service
|
||||
%systemd_preun synapse@.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart synapse.service
|
||||
|
||||
%systemd_postun_with_restart synapse@.service
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
|
|
@ -143,6 +146,7 @@ exit 0
|
|||
%{python3_sitelib}/matrix_synapse*.egg-info/
|
||||
%{_bindir}/*
|
||||
%{_unitdir}/synapse.service
|
||||
%{_unitdir}/synapse@.service
|
||||
%attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse
|
||||
%attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse
|
||||
%attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/*
|
||||
|
|
|
|||
70
synapse@.service
Normal file
70
synapse@.service
Normal file
|
|
@ -0,0 +1,70 @@
|
|||
[Unit]
|
||||
Description=Synapse Worker %i
|
||||
AssertPathExists=/etc/synapse/workers/%i.yaml
|
||||
|
||||
# This service should be restarted when the synapse target is restarted.
|
||||
#PartOf=synapse.target
|
||||
#ReloadPropagatedFrom=synapse.target
|
||||
|
||||
# if this is started at the same time as the main, let the main process start
|
||||
# first, to initialise the database schema.
|
||||
After=synapse.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=main
|
||||
User=synapse
|
||||
WorkingDirectory=/var/lib/synapse
|
||||
ExecStart=/usr/bin/python -m synapse.app.generic_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
RestartSec=3
|
||||
SyslogIdentifier=synapse-%i
|
||||
|
||||
Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
|
||||
CPUAccounting=on
|
||||
MemoryAccounting=on
|
||||
|
||||
MemoryHigh=500M
|
||||
MemoryMax=1G
|
||||
MemorySwapMax=1G
|
||||
|
||||
CPUWeight=75
|
||||
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=true
|
||||
PrivateUsers=true
|
||||
|
||||
CapabilityBoundingSet=
|
||||
AmbientCapabilities=
|
||||
|
||||
DevicePolicy=closed
|
||||
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectClock=true
|
||||
ProtectKernelLogs=yes
|
||||
ProtectHostname=true
|
||||
|
||||
ProtectProc=invisible
|
||||
ProcSubset=pid
|
||||
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
||||
NoNewPrivileges=yes
|
||||
LockPersonality=yes
|
||||
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@privileged @resources @obsolete
|
||||
|
||||
RemoveIPC=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in a new issue