From 30180d9e1606d4c21f239f03d9d561d6a5094ee6 Mon Sep 17 00:00:00 2001
From: Joonas Kuorilehto
Date: Thu, 29 Nov 2018 21:50:07 +0200
Subject: [PATCH] Add example systemd service file

---
 contrib/systemd/bluewalker.service | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 contrib/systemd/bluewalker.service

diff --git a/contrib/systemd/bluewalker.service b/contrib/systemd/bluewalker.service
new file mode 100644
index 0000000..ed3eab9
--- /dev/null
+++ b/contrib/systemd/bluewalker.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=bluewalker ruuvitag receiver
+Documentation=https://gitlab.com/jtaimisto/bluewalker/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+Restart=on-abnormal
+
+; User and group the process will run as.
+User=pi
+Group=pi
+
+ExecStart=/usr/local/bin/bluewalker -device hci0 -ruuvi -duration -1
+
+StandardOutput=null
+
+; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+LimitNOFILE=1024
+LimitNPROC=32
+
+; Use private /tmp and /var/tmp, which are discarded after service stops.
+PrivateTmp=true
+; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
+PrivateDevices=false
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+
+; The following additional security directives only work with systemd v229 or later.
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
-- 
GitLab
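Review bot: The `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` line near the end of `[Service]` hands the `pi`-owned process two broad network capabilities, and nothing in the unit limits which socket families they can be used on. If bluewalker were compromised, it could use them for raw IP sockets or netlink interface changes, not only for the HCI access it needs. Adding `RestrictAddressFamilies=AF_BLUETOOTH AF_UNIX` next to `NoNewPrivileges=true` would confine it to Bluetooth and local sockets. That family list is inferred from the `-device hci0` command line, so confirm the service still starts with it before shipping the example. The comment above the capability lines could also state why they are needed, for example `; bluewalker opens a raw HCI socket on hci0, which needs CAP_NET_RAW and CAP_NET_ADMIN when not running as root.`, with the exact reason verified against the project documentation.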