add a systemd socket unit for rsync

author Christian Hesse <mail@eworm.de>

Wed, 17 Jun 2020 08:17:26 +0000 (10:17 +0200)

committer Wayne Davison <wayne@opencoder.net>

Wed, 17 Jun 2020 16:19:12 +0000 (09:19 -0700)
author Christian Hesse <mail@eworm.de>
Wed, 17 Jun 2020 08:17:26 +0000 (10:17 +0200)
committer Wayne Davison <wayne@opencoder.net>
Wed, 17 Jun 2020 16:19:12 +0000 (09:19 -0700)
diff --git a/packaging/systemd/rsync.socket b/packaging/systemd/rsync.socket

new file mode 100644 (file)

index 0000000..5bceefe
--- /dev/null
+++ b/packaging/systemd/rsync.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=socket for fast remote file copy program daemon
+Conflicts=rsync.service
+
+[Socket]
+ListenStream=873
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service

new file mode 100644 (file)

index 0000000..2508c93
--- /dev/null
+++ b/packaging/systemd/rsync@.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=fast remote file copy program daemon
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+# Citing README.md:
+#
+#   [...] Using ssh is recommended for its security features.
+#
+#   Alternatively, rsync can run in `daemon' mode, listening on a socket.
+#   This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes it read-only) and hide users' homes and
+# devices. See systemd.unit(5) and search for "drop-in" to override.
+
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
author	Christian Hesse <mail@eworm.de>
	Wed, 17 Jun 2020 08:17:26 +0000 (10:17 +0200)
committer	Wayne Davison <wayne@opencoder.net>
	Wed, 17 Jun 2020 16:19:12 +0000 (09:19 -0700)
packaging/systemd/rsync.socket	[new file with mode: 0644]	patch \| blob
packaging/systemd/rsync@.service	[new file with mode: 0644]	patch \| blob