postgresql/trunk/postgresql.service

   1 [Unit]
   2 Description=PostgreSQL database server
   3 After=network.target
   4
   5 [Service]
   6 Type=notify
   7 TimeoutSec=120
   8 User=postgres
   9 Group=postgres
  10
  11 Environment=PGROOT=/var/lib/postgres
  12
  13 SyslogIdentifier=postgres
  14 PIDFile=/var/lib/postgres/data/postmaster.pid
  15 RuntimeDirectory=postgresql
  16 RuntimeDirectoryMode=755
  17
  18 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data
  19 ExecStart=/usr/bin/postgres -D ${PGROOT}/data
  20 ExecReload=/bin/kill -HUP ${MAINPID}
  21 KillMode=mixed
  22 KillSignal=SIGINT
  23
  24 # Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
  25 # killing Postgres, so adjust it downward
  26 OOMScoreAdjust=-200
  27
  28 # Additional security-related features
  29 PrivateTmp=true
  30 ProtectHome=true
  31 ProtectSystem=full
  32 NoNewPrivileges=true
  33 ProtectControlGroups=true
  34 ProtectKernelModules=true
  35 ProtectKernelTunables=true
  36 PrivateDevices=true
  37 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  38 RestrictNamespaces=true
  39 RestrictRealtime=true
  40 SystemCallArchitectures=native
  41
  42 [Install]
  43 WantedBy=multi-user.target