diff --git a/deploy/build/rustfs-zh.service b/deploy/build/rustfs-zh.service deleted file mode 100644 index 1cc3373b..00000000 --- a/deploy/build/rustfs-zh.service +++ /dev/null @@ -1,101 +0,0 @@ -[Unit] -Description=RustFS Object Storage Server -# Describe the RustFS object storage service as shown in `systemctl status`. -Documentation=https://rustfs.com/docs/ -# Provide a documentation link for operators. -After=network-online.target -# Ensure the service starts only after the network is online. -Wants=network-online.target -# Express a soft dependency on `network-online.target` so we still attempt to start if the network is late. -# If you're using a database, you'll need to add the corresponding dependencies -# Uncomment these directives when a database is required. -# After=postgresql.service -# Example: start after PostgreSQL when the dependency is needed. -# Requires=postgresql.service -# Example: make PostgreSQL a hard requirement. - -[Service] -Type=notify -# Use the `notify` type so the process reports readiness via `sd_notify`. -NotifyAccess=main -# Only the main process can send notifications back to systemd. -User=rustfs -# Run as the dedicated `rustfs` user (create it ahead of time for security). -Group=rustfs -# Use the matching `rustfs` group. - -# working directory -WorkingDirectory=/opt/rustfs -# Set the working directory so relative paths resolve consistently. - -# Inline environment variables for authentication. -Environment=RUSTFS_ACCESS_KEY=rustfsadmin -# Access key used by RustFS authentication. -Environment=RUSTFS_SECRET_KEY=rustfsadmin -# Secret key that pairs with the access key. -ExecStart=/usr/local/bin/rustfs \ - --address 0.0.0.0:9000 \ - --volumes /data/rustfs/vol1,/data/rustfs/vol2 \ - --console-enable -# Launch RustFS with common arguments: -# --address 0.0.0.0:9000 listens on every interface. -# --volumes mounts /data/rustfs/vol1 and /data/rustfs/vol2. -# --console-enable turns on the management console. - -# Optionally load additional environment variables (see ../config/rustfs-zh.env). -EnvironmentFile=-/etc/default/rustfs -ExecStart=/usr/local/bin/rustfs $RUSTFS_VOLUMES $RUSTFS_OPTS - -# standard output and error log configuration -StandardOutput=append:/data/deploy/rust/logs/rustfs.log -StandardError=append:/data/deploy/rust/logs/rustfs-err.log - -# resource constraints -LimitNOFILE=1048576 -# Allow up to 1,048,576 file descriptors for high concurrency. -LimitNPROC=32768 -# Cap the number of processes at 32,768. -TasksMax=infinity -# Permit unlimited tasks (use carefully to avoid resource exhaustion). - -# restart the policy -Restart=always -# Always restart the service on failure to improve availability. -RestartSec=10s -# Wait 10 seconds between restart attempts. - -# graceful exit configuration -TimeoutStartSec=30s -# Treat startups that exceed 30 seconds as failures. -TimeoutStopSec=30s -# Force-stop the service if it does not exit within 30 seconds. - -# security settings -NoNewPrivileges=true -# Disable privilege escalation. -ProtectSystem=full -# Mount critical system directories read-only. -ProtectHome=true -# Prevent access to user home directories. -PrivateTmp=true -# Provide a private /tmp namespace. -PrivateDevices=true -# Deny direct hardware device access. -ProtectClock=true -# Block modifications to the system clock. -ProtectKernelTunables=true -# Protect /proc/sys kernel tunables. -ProtectKernelModules=true -# Prevent kernel module load/unload. -ProtectControlGroups=true -# Block cgroup modifications. -RestrictSUIDSGID=true -# Disallow SUID/SGID binaries. -RestrictRealtime=true -# Disallow real-time scheduling. -ReadWritePaths=/data/rustfs -# Grant read/write access only to /data/rustfs. - -[Install] -WantedBy=multi-user.target -# Enable the service in multi-user mode (compatible with `systemctl enable`). \ No newline at end of file