1.37.0, worker unit file

Alex Manning 2021-06-29 16:56:13 +01:00
parent 2a83f6aac4
commit c032074b69
2 changed files with 76 additions and 2 deletions


@ -1,7 +1,7 @@
%global srcname synapse
# Version suffix in URL when building release candidates
%global rcx rc1
%global rcx %{nil}
%global ghversion 1.37.0
%{?python_enable_dependency_generator}
@ -22,6 +22,7 @@ Source0: %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar
Source1: synapse.sysconfig
Source2: synapse.service
Source3: synapse-homeserver
Source4: synapse@.service
BuildArch: noarch
BuildRequires: python3-devel
@ -127,13 +128,15 @@ exit 0
%post
%systemd_post synapse.service
%systemd_post synapse@.service
%preun
%systemd_preun synapse.service
%systemd_preun synapse@.service
%postun
%systemd_postun_with_restart synapse.service
%systemd_postun_with_restart synapse@.service
%files
%license LICENSE
@ -143,6 +146,7 @@ exit 0
%{python3_sitelib}/matrix_synapse*.egg-info/
%{_bindir}/*
%{_unitdir}/synapse.service
%{_unitdir}/synapse@.service
%attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse
%attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse
%attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/*
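Review bot: The three scriptlet lines added under `%post`, `%preun` and `%postun` pass the bare template name `synapse@.service`, which is not itself a running unit, so `%systemd_postun_with_restart synapse@.service` probably restarts no worker on upgrade and instances would keep running the previous release's code beside an upgraded main process. Check how the systemd macros on the target distribution treat template names; quoting an instance glob such as `'synapse@*.service'` in the `%preun` and `%postun` lines is one option to test. Separately, the `%files` hunk installs the unit but adds no `%dir %{_sysconfdir}/synapse/workers`, although the unit asserts `/etc/synapse/workers/%i.yaml`; if the rest of the spec does not create that directory, packaging it with an explicit owner and mode keeps worker configs, which may hold secrets, from inheriting whatever permissions a manual `mkdir` gives them.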

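--- a/synapse@.service
+++ b/synapse@.service
@@ -0,0 +1,70 @@
+[Unit]
+Description=Synapse Worker %i
+AssertPathExists=/etc/synapse/workers/%i.yaml
+# This service should be restarted when the synapse target is restarted.
+#PartOf=synapse.target
+#ReloadPropagatedFrom=synapse.target
+# if this is started at the same time as the main, let the main process start
+# first, to initialise the database schema.
+After=synapse.service
+[Service]
+Type=notify
+NotifyAccess=main
+User=synapse
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python -m synapse.app.generic_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=3
+SyslogIdentifier=synapse-%i
+Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
+CPUAccounting=on
+MemoryAccounting=on
+MemoryHigh=500M
+MemoryMax=1G
+MemorySwapMax=1G
+CPUWeight=75
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+CapabilityBoundingSet=
+AmbientCapabilities=
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=true
+ProtectKernelLogs=yes
+ProtectHostname=true
+ProtectProc=invisible
+ProcSubset=pid
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+NoNewPrivileges=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources @obsolete
+RemoveIPC=true
+[Install]
+WantedBy=multi-user.target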
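Review bot: `ProtectSystem=strict` makes the whole file system read-only for the worker, and the unit declares no `ReadWritePaths=` or `StateDirectory=`, so a worker that writes under `WorkingDirectory=/var/lib/synapse` (media storage, file logging) would likely fail, and the usual reaction to that is to relax the sandbox rather than scope it. Adding `ReadWritePaths=/var/lib/synapse` (plus the log directory if the log config writes to files) keeps the strict setting while granting only what is needed; the worker configs are not visible here, so confirm which paths are actually written. `ExecStart=` also calls `/usr/bin/python`, while the spec builds against `python3-devel`; `/usr/bin/python3` avoids depending on what the unversioned name resolves to on the host. A short comment above the `LD_PRELOAD` line saying that jemalloc must be installed, and that the `lib64` path is architecture-specific, would help as well.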