[Feature Request]: Enhance Meshtastic Native Daemon systemd script for better security and resource management

### Platform

NRF52, ESP32

### Description

The current Meshtastic Native Daemon systemd script runs as the root user, which is generally considered a security risk. Additionally, it lacks automatic service restarts in case of failure and doesn't limit resource consumption effectively.

### Proposed Changes

- Change the service user and group to a dedicated "meshtastic" user.
- Add the “meshtastic” user to the 995(spi), 994(i2c), and 993(gpio) groups on Raspberry Pi OS.
- Add automatic service restarts on failure.
- Set resource limits (such as CPU weight) to prevent excessive resource usage.
- Add `AmbientCapabilities=CAP_NET_BIND_SERVICE` to the systemd script.

### Example Modified systemd Script
```
[Unit]
Description=Meshtastic Native Daemon
After=network-online.target

[Service]
User=meshtastic
Group=meshtastic
Type=simple
ExecStart=/usr/sbin/meshtasticd
Restart=on-failure
RestartSec=5s
StartLimitBurst=2
StartLimitInterval=150s
Nice=10
CPUWeight=1
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```

Please review and provide feedback!


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Feature Request]: Enhance Meshtastic Native Daemon systemd script for better security and resource management #3747

Platform

Description

Proposed Changes

Example Modified systemd Script

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Feature Request]: Enhance Meshtastic Native Daemon systemd script for better security and resource management #3747

Description

Platform

Description

Proposed Changes

Example Modified systemd Script

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions