Home Explore Help
Sign In
fphammerle
/
systemctl-mqtt
mirror of https://github.com/fphammerle/systemctl-mqtt
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

add systemd user service config for autostart

https://github.com/fphammerle/systemctl-mqtt/issues/66
Fabian Peter Hammerle 10 months ago
parent
a15ebeb5a7
commit
33e3a1ca97
3 changed files with 64 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      CHANGELOG.md
  2. 3 0
      README.md
  3. 57 0
      systemd-user.service

+ 4 - 0
CHANGELOG.md
View File 

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 
 ## [Unreleased]
 
 
+### Documentation
 
+- added systemd user service config for autostart
 
+  (https://github.com/fphammerle/systemctl-mqtt/issues/66)
 
+
 
 ## [1.0.0] - 2025-01-04
 
 ### Added
 
 - suspend when receiving message on topic `systemctl/[hostname]/suspend`

+ 3 - 0
README.md
View File 

@@ -22,6 +22,9 @@ On debian-based systems, a subset of dependencies can optionally be installed vi
 
 $ sudo apt-get install --no-install-recommends python3-jeepney python3-paho-mqtt
 
 ```
 
 
+Follow instructions in [systemd-user.service](systemd-user.service) to start
 
+systemctl-mqtt automatically via systemd.
 
+
 
 ### Via Docker Compose 🐳
 
 
 1. Clone this repository.

+ 57 - 0
systemd-user.service
View File 

@@ -0,0 +1,57 @@
 
+# tested with systemd=252.31-1~deb12u1+rpi1 on raspberry pi os 12/bookworm
 
+# 1. copy to ~/.config/systemd/user/systemctl-mqtt.service
 
+# 2. edit parameters in ExecStart
 
+# 3. systemctl --user daemon-reload
 
+# 4. systemctl --user restart systemctl-mqtt.service
 
+# 5. sudo loginctl enable-linger $USER
 
+# 6. systemctl --user enable systemctl-mqtt.service
 
+[Unit]
 
+Documentation=https://github.com/fphammerle/systemctl-mqtt
 
+[Service]
 
+KeyringMode=private
 
+# > Failed to update dynamic user credentials: Permission denied
 
+DynamicUser=no
 
+# > Failed at step CAPABILITIES spawning …: Operation not permitted
 
+#CapabilityBoundingSet=
 
+NoNewPrivileges=yes
 
+# > Failed at step CAPABILITIES spawning …: Operation not permitted
 
+PrivateDevices=no
 
+# > Failed at step CAPABILITIES spawning …: Operation not permitted
 
+ProtectClock=no
 
+# > Failed at step CAPABILITIES spawning …: Operation not permitted
 
+ProtectKernelLogs=no
 
+ProtectControlGroups=yes
 
+# > Failed at step CAPABILITIES spawning …: Operation not permitted
 
+ProtectKernelModules=no
 
+SystemCallArchitectures=native
 
+MemoryDenyWriteExecute=yes
 
+RestrictNamespaces=~user pid net uts mnt ipc cgroup
 
+RestrictSUIDSGID=yes
 
+# > ProtectHostname=yes is configured, but UTS namespace setup is prohibited
 
+# . (container manager?), ignoring namespace setup.
 
+ProtectHostname=no
 
+LockPersonality=yes
 
+ProtectKernelTunables=yes
 
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
 
+RestrictRealtime=yes
 
+# ineffective?
 
+DeviceAllow=
 
+ProtectSystem=strict
 
+ProtectProc=invisible
 
+ProcSubset=pid
 
+# ineffective
 
+ProtectHome=yes
 
+PrivateNetwork=no
 
+PrivateUsers=no
 
+PrivateTmp=yes
 
+SystemCallFilter=~@clock @swap @resources @reboot @raw-io @privileged \
 
+    @obsolete @mount @module @debug @cpu-emulation
 
+# ineffective
 
+#IPAddressAllow=
 
+#IPAddressDeny=any
 
+UMask=0077
 
+#ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online
 
+Type=exec
 
+ExecStart=%h/.local/bin/systemctl-mqtt --mqtt-host localhost --log-level debug
 
+[Install]
 
+WantedBy=default.target