Added systemd unit file

The unit file is similar to the one I initially wrote for regelwerk, which uses DynamicUser to isolate the process.
2026-01-29 22:38:23 +00:00 · 2023-08-04 01:16:24 +08:00
parent 8640f0a9c2
commit 24e3f92a59
1 changed files with 26 additions and 0 deletions
--- a/hapz2m.service
+++ b/hapz2m.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=HomeKit to Zigbee2MQTT Bridge
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/hapz2m -quiet -config /var/lib/hapz2m/hapz2m.conf -db /var/lib/hapz2m/db
+PrivateDevices=yes
+PrivateTmp=yes
+NoNewPrivileges=yes
+ProtectSystem=full
+ProtectHome=yes
+RestrictNamespaces=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+# hack for DynamicUser readable config file, systemd < 251
+# see https://github.com/systemd/systemd/issues/16060#issuecomment-964168566
+DynamicUser=yes
+StateDirectory=hapz2m
+ExecStartPre=+bash -c "install -p -m 0660 -o $(stat -L -c %%u /var/lib/hapz2m) -t /var/lib/hapz2m/ /etc/hapz2m.conf"
+