From: Christian Hesse <mail@eworm.de>
Date: Wed, 17 Jun 2020 08:17:26 +0000 (+0200)
Subject: add a systemd socket unit for rsync
X-Git-Tag: v3.2.0pre3~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9ec777faf8ca1572188ef206a5dbcb7bb721781c;p=thirdparty%2Frsync.git

add a systemd socket unit for rsync
---

diff --git a/packaging/systemd/rsync.socket b/packaging/systemd/rsync.socket
new file mode 100644
index 00000000..5bceefe9
--- /dev/null
+++ b/packaging/systemd/rsync.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=socket for fast remote file copy program daemon
+Conflicts=rsync.service
+
+[Socket]
+ListenStream=873
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service
new file mode 100644
index 00000000..2508c93e
--- /dev/null
+++ b/packaging/systemd/rsync@.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=fast remote file copy program daemon
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+# Citing README.md:
+#
+#   [...] Using ssh is recommended for its security features.
+#
+#   Alternatively, rsync can run in `daemon' mode, listening on a socket.
+#   This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes it read-only) and hide users' homes and
+# devices. See systemd.unit(5) and search for "drop-in" to override.
+
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on