Add eturnal (STUN/TURN standalone server) systemd service unit #187
Commits on May 17, 2021
-
systemd: Add service unit for eturnal.service
Taken [from upstream][1]. With `LogsDirectory=eturnal`, eturnal currently logs to `/var/log/eturnal/eturnal.log`. [1]: https://github.com/processone/eturnal/blob/master/config/eturnal.service
-
eturnal: Set env variable
ETURNAL_ETC_PREFIXfor configuration fileWith `ETURNAL_ETC_PREFIX=/project/eturnal` eturnal uses `/project/eturnal/etc/eturnal.yml`.
-
systemd/eturnal: Let epmd only listen on localhost
From [issues #9 (*Document ERL_EPMD_ADDRESS and ERL_EPMD_PORT*)][1]: > === ERL_EPMD_ADDRESS === > > On eturnal startup, an Erlang Port Mapper Daemon (epmd) service is spawned (if > not running already). This service listens on all available interfaces by > default. Setting the `ERL_EPMD_ADDRESS' environment variable tells epmd to > listen on the specified comma-seperated list of IP addresses instead. Note that > the IPv4 and IPv6 loopback addresses are implicitly added to this list if not > specified. It's usually recommended to set `ERL_EPMD_ADDRESS' to `127.0.0.1' > (e.g., by calling `systemctl edit eturnal' and adding an > `Environment="ERL_EPMD_ADDRESS=127.0.0.1"' line to the `[Service]' section). [1]: https://github.com/processone/eturnal/issues/9
-
systemd/eturnal: Listen on all hosts
This reverts commit f95afb4. Despite `net.ipv6.conf.all.disable_ipv6 = 1`, epmd tries to bind to the IPv6 loopback device, [which fails][1]. eturnalctl[91982]: Protocol 'inet_tcp': register/listen error: econnrefused So, remove `ERL_EPMD_ADDRESS=127.0.0.1`, which is no problem, as our firewall blocks access to epmd from the internet. [1]: https://github.com/processone/eturnal/issues/11
-
systemd/eturnal: Log to directory
login installation prefix`LogsDirectory=` does not support absolute paths: Nov 03 13:23:09 pitti.molgen.mpg.de systemd[1]: /etc/systemd/system/eturnal.service:20: LogsDirectory= path is absolute, ignoring: /project/eturnal/log Therefore, [do not set it all][1]: > If this environment variable is unset as well, a `log' directory is > created within the installation prefix. The directory `log` is a symbolic link to `/project/eturnal/log` [1]: https://github.com/processone/eturnal/blob/f9168eb70d2a1b8f7f110f4022985adb65175e55/doc/overview.edoc#L178-L188
Commits on May 18, 2021
-
systemd/eturnal: Remove install section to prevent accidental install…
…ation We use mxstartupctl to start the service.
-
systemd/eturnal: Use ProtectSystem=strict
[`ProtectSystem=strict` mounts more directories as read-only.][1] [The upstream service unit only sets it to `full` to support older systemd releases.][2] systemd 242, currently shipped by MarIuX, support `strict`, so use it. [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem= [2]: https://github.com/processone/eturnal/issues/14#issuecomment-843021648
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.