Delete deploy/build/rustfs-zh.service (#756)

2026-01-16 17:20:33 +00:00 · 2025-10-30 13:55:51 +08:00
parent d737a439d5
commit c43b11fb92
1 changed files with 0 additions and 101 deletions
--- a/deploy/build/rustfs-zh.service
+++ b/deploy/build/rustfs-zh.service
@@ -1,101 +0,0 @@
-[Unit]
-Description=RustFS Object Storage Server
-# Describe the RustFS object storage service as shown in `systemctl status`.
-Documentation=https://rustfs.com/docs/
-# Provide a documentation link for operators.
-After=network-online.target
-# Ensure the service starts only after the network is online.
-Wants=network-online.target
-# Express a soft dependency on `network-online.target` so we still attempt to start if the network is late.
-# If you're using a database, you'll need to add the corresponding dependencies
-# Uncomment these directives when a database is required.
-# After=postgresql.service
-# Example: start after PostgreSQL when the dependency is needed.
-# Requires=postgresql.service
-# Example: make PostgreSQL a hard requirement.
-
-[Service]
-Type=notify
-# Use the `notify` type so the process reports readiness via `sd_notify`.
-NotifyAccess=main
-# Only the main process can send notifications back to systemd.
-User=rustfs
-# Run as the dedicated `rustfs` user (create it ahead of time for security).
-Group=rustfs
-# Use the matching `rustfs` group.
-
-# working directory
-WorkingDirectory=/opt/rustfs
-# Set the working directory so relative paths resolve consistently.
-
-# Inline environment variables for authentication.
-Environment=RUSTFS_ACCESS_KEY=rustfsadmin
-# Access key used by RustFS authentication.
-Environment=RUSTFS_SECRET_KEY=rustfsadmin
-# Secret key that pairs with the access key.
-ExecStart=/usr/local/bin/rustfs \
-    --address 0.0.0.0:9000 \
-    --volumes /data/rustfs/vol1,/data/rustfs/vol2 \
-    --console-enable
-# Launch RustFS with common arguments:
-# --address 0.0.0.0:9000 listens on every interface.
-# --volumes mounts /data/rustfs/vol1 and /data/rustfs/vol2.
-# --console-enable turns on the management console.
-
-# Optionally load additional environment variables (see ../config/rustfs-zh.env).
-EnvironmentFile=-/etc/default/rustfs
-ExecStart=/usr/local/bin/rustfs  $RUSTFS_VOLUMES $RUSTFS_OPTS
-
-# standard output and error log configuration
-StandardOutput=append:/data/deploy/rust/logs/rustfs.log
-StandardError=append:/data/deploy/rust/logs/rustfs-err.log
-
-# resource constraints
-LimitNOFILE=1048576
-# Allow up to 1,048,576 file descriptors for high concurrency.
-LimitNPROC=32768
-# Cap the number of processes at 32,768.
-TasksMax=infinity
-# Permit unlimited tasks (use carefully to avoid resource exhaustion).
-
-# restart the policy
-Restart=always
-# Always restart the service on failure to improve availability.
-RestartSec=10s
-# Wait 10 seconds between restart attempts.
-
-# graceful exit configuration
-TimeoutStartSec=30s
-# Treat startups that exceed 30 seconds as failures.
-TimeoutStopSec=30s
-# Force-stop the service if it does not exit within 30 seconds.
-
-# security settings
-NoNewPrivileges=true
-# Disable privilege escalation.
-ProtectSystem=full
-# Mount critical system directories read-only.
-ProtectHome=true
-# Prevent access to user home directories.
-PrivateTmp=true
-# Provide a private /tmp namespace.
-PrivateDevices=true
-# Deny direct hardware device access.
-ProtectClock=true
-# Block modifications to the system clock.
-ProtectKernelTunables=true
-# Protect /proc/sys kernel tunables.
-ProtectKernelModules=true
-# Prevent kernel module load/unload.
-ProtectControlGroups=true
-# Block cgroup modifications.
-RestrictSUIDSGID=true
-# Disallow SUID/SGID binaries.
-RestrictRealtime=true
-# Disallow real-time scheduling.
-ReadWritePaths=/data/rustfs
-# Grant read/write access only to /data/rustfs.
-
-[Install]
-WantedBy=multi-user.target
-# Enable the service in multi-user mode (compatible with `systemctl enable`).