|
- [Unit]
- Description=Music Player Daemon
- Documentation=man:mpd(1) man:mpd.conf(5)
- Documentation=file:///usr/share/doc/mpd/html/user.html
- After=network.target sound.target
-
- [Service]
- Type=notify
- EnvironmentFile=/etc/default/mpd
- ExecStart=/usr/bin/mpd --no-daemon /etc/mpd((item)).conf
-
- # Enable this setting to ask systemd to watch over MPD, see
- # systemd.service(5). This is disabled by default because it causes
- # periodic wakeups which are unnecessary if MPD is not playing.
- #WatchdogSec=120
-
- # allow MPD to use real-time priority 40
- LimitRTPRIO=40
- LimitRTTIME=infinity
-
- # for io_uring
- LimitMEMLOCK=64M
-
- # disallow writing to /usr, /bin, /sbin, ...
- ProtectSystem=yes
-
- # more paranoid security settings
- NoNewPrivileges=yes
- ProtectKernelTunables=yes
- ProtectControlGroups=yes
- ProtectKernelModules=yes
- # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
- RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
- RestrictNamespaces=yes
-
- [Install]
- WantedBy=multi-user.target
- Also=mpd.socket
|
