File tree Expand file tree Collapse file tree 2 files changed +57
-52
lines changed
Expand file tree Collapse file tree 2 files changed +57
-52
lines changed Original file line number Diff line number Diff line change @@ -34,58 +34,14 @@ A sample configuration file can be found [config.yml](https://github.com/rpcpool
3434
3535### Systemd
3636
37- Running Jet as a service under SystemD is our recommended approach. A sample systemd file:
38-
39- ``` ini
40- [Unit]
41- Description =Yellowstone Jet transaction forwarder
42- After =network-online.target
43- Wants =network-online.target
44- StartLimitIntervalSec =0
45-
46- [Service]
47- Type =simple
48- DynamicUser =yes
49- ConfigDirectory =yellowstone-jet
50-
51- ExecStart =/usr/local/bin/yellowstone-jet --config /etc/yellowstone-jet/config.yml
52-
53- Environment =RUST_LOG =" warn"
54- Restart =always
55- RestartSec =5
56-
57- # Resource Limits
58- LimitNOFILE =700000
59- LimitNPROC =700000
60-
61- # File System Sandboxing
62- ProtectSystem =strict
63- ProtectHome =yes
64- PrivateTmp =yes
65- PrivateDevices =yes
66- ProtectHostname =yes
67- ProtectClock =yes
68- ProtectKernelTunables =yes
69- ProtectKernelModules =yes
70- ProtectKernelLogs =yes
71- ProtectControlGroups =yes
72- RestrictAddressFamilies =AF_INET AF_INET6 AF_UNIX
73- RestrictNamespaces =yes
74- LockPersonality =yes
75- MemoryDenyWriteExecute =yes
76- RestrictRealtime =yes
77- RestrictSUIDSGID =yes
78- RemoveIPC =yes
79- PrivateUsers =yes
80-
81- # Privilege Escalation & System Calls
82- NoNewPrivileges =yes
83- SystemCallFilter =@system-service
84- SystemCallErrorNumber =EPERM
85- SystemCallArchitectures =native
86-
87- [Install]
88- WantedBy =multi-user.target
37+ Running Jet as a service under SystemD is our recommended approach. A sample systemd file is provided at [ systemd/yellowstone-jet.service] ( systemd/yellowstone-jet.service ) .
38+
39+ To install:
40+
41+ ``` bash
42+ sudo cp systemd/yellowstone-jet.service /etc/systemd/system/
43+ sudo systemctl daemon-reload
44+ sudo systemctl enable --now yellowstone-jet
8945```
9046
9147## Attribution
Original file line number Diff line number Diff line change 1+ [Unit]
2+ Description =Yellowstone Jet transaction forwarder
3+ After =network-online.target
4+ Wants =network-online.target
5+ StartLimitIntervalSec =0
6+
7+ [Service]
8+ Type =simple
9+ DynamicUser =yes
10+ ConfigDirectory =yellowstone-jet
11+
12+ ExecStart =/usr/local/bin/yellowstone-jet --config /etc/yellowstone-jet/config.yml
13+
14+ Environment =RUST_LOG ="warn"
15+ Restart =always
16+ RestartSec =5
17+
18+ # Resource Limits
19+ LimitNOFILE =700000
20+ LimitNPROC =700000
21+
22+ # File System Sandboxing
23+ ProtectSystem =strict
24+ ProtectHome =yes
25+ PrivateTmp =yes
26+ PrivateDevices =yes
27+ ProtectHostname =yes
28+ ProtectClock =yes
29+ ProtectKernelTunables =yes
30+ ProtectKernelModules =yes
31+ ProtectKernelLogs =yes
32+ ProtectControlGroups =yes
33+ RestrictAddressFamilies =AF_INET AF_INET6 AF_UNIX
34+ RestrictNamespaces =yes
35+ LockPersonality =yes
36+ MemoryDenyWriteExecute =yes
37+ RestrictRealtime =yes
38+ RestrictSUIDSGID =yes
39+ RemoveIPC =yes
40+ PrivateUsers =yes
41+
42+ # Privilege Escalation & System Calls
43+ NoNewPrivileges =yes
44+ SystemCallFilter =@system-service
45+ SystemCallErrorNumber =EPERM
46+ SystemCallArchitectures =native
47+
48+ [Install]
49+ WantedBy =multi-user.target
You can’t perform that action at this time.
0 commit comments