From 5dfa1de38dfbaf3e3e70bd0151d36dab66adc0fa Mon Sep 17 00:00:00 2001
From: Alexey Korepanov <kaikaikai@yandex.ru>
Date: Thu, 27 May 2021 21:35:37 +0100
Subject: net-vpn/i2pd: update systemd service

Signed-off-by: Alexey Korepanov <kaikaikai@yandex.ru>
Closes: https://github.com/gentoo/gentoo/pull/21009
Signed-off-by: Sam James <sam@gentoo.org>
---
 net-vpn/i2pd/files/i2pd-2.38.0.service   | 37 ++++++++++++++++++++++++++++++++
 net-vpn/i2pd/files/i2pd-2.6.0-r3.service | 21 ------------------
 net-vpn/i2pd/i2pd-2.38.0.ebuild          |  2 +-
 3 files changed, 38 insertions(+), 22 deletions(-)
 create mode 100644 net-vpn/i2pd/files/i2pd-2.38.0.service
 delete mode 100644 net-vpn/i2pd/files/i2pd-2.6.0-r3.service

(limited to 'net-vpn')

diff --git a/net-vpn/i2pd/files/i2pd-2.38.0.service b/net-vpn/i2pd/files/i2pd-2.38.0.service
new file mode 100644
index 000000000000..99c1bf202250
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.38.0.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=C++ daemon for accessing the I2P network
+After=network.target
+
+[Service]
+Type=forking
+Restart=on-abnormal
+User=i2pd
+Group=i2pd
+LimitNOFILE=4096
+
+# restrictions
+ProtectSystem=full
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=yes
+PrivateUsers=yes
+PrivateDevices=yes
+PrivateTmp=yes
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+CapabilityBoundingSet=
+NoNewPrivileges=yes
+
+RuntimeDirectory=i2pd
+RuntimeDirectoryMode=0700
+PIDFile=/run/i2pd/i2pd.pid
+ExecStartPre=+/bin/touch /var/log/i2pd.log
+ExecStartPre=+/bin/chown i2pd:i2pd /var/log/i2pd.log
+ExecStartPre=+/bin/chmod 600 /var/log/i2pd.log
+ExecStart=/usr/bin/i2pd --daemon --service --pidfile=${RUNTIME_DIRECTORY}/i2pd.pid --log=file --logfile=/var/log/i2pd.log --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.service b/net-vpn/i2pd/files/i2pd-2.6.0-r3.service
deleted file mode 100644
index 6821a00552df..000000000000
--- a/net-vpn/i2pd/files/i2pd-2.6.0-r3.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=C++ daemon for accessing the I2P network
-After=network.target
-
-[Service]
-Type=forking
-Restart=on-abnormal
-PIDFile=/run/i2pd/i2pd.pid
-User=i2pd
-Group=i2pd
-LimitNOFILE=4096
-PermissionsStartOnly=yes
-ExecStartPre=/bin/mkdir -p /run/i2pd
-ExecStartPre=/bin/chown i2pd:i2pd /run/i2pd
-ExecStartPre=/bin/touch /run/i2pd/i2pd.pid /var/log/i2pd.log
-ExecStartPre=/bin/chown i2pd:i2pd /run/i2pd/i2pd.pid /var/log/i2pd.log
-ExecStart=/usr/bin/i2pd --daemon --service --pidfile=/run/i2pd/i2pd.pid --log=file --logfile=/var/log/i2pd.log --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/net-vpn/i2pd/i2pd-2.38.0.ebuild b/net-vpn/i2pd/i2pd-2.38.0.ebuild
index 2422eec0aa6c..847dab8ce292 100644
--- a/net-vpn/i2pd/i2pd-2.38.0.ebuild
+++ b/net-vpn/i2pd/i2pd-2.38.0.ebuild
@@ -75,7 +75,7 @@ src_install() {
 	# openrc and systemd daemon routines
 	newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd
 	newinitd "${FILESDIR}/i2pd-2.6.0-r3.initd" i2pd
-	systemd_newunit "${FILESDIR}/i2pd-2.6.0-r3.service" i2pd.service
+	systemd_newunit "${FILESDIR}/i2pd-2.38.0.service" i2pd.service
 
 	# logrotate
 	insinto /etc/logrotate.d
-- 
cgit v1.2.3-65-gdbad