ninfod: add systemd service unit file

Signed-off-by: Sami Kerola <kerolasa@iki.fi>

2 files changed, 43 insertions, 5 deletions

diff --git a/ninfod/meson.build b/ninfod/meson.build
index fc5ede4..4e3cfd9 100644
--- a/ninfod/meson.build
+++ b/ninfod/meson.build
@@ -16,8 +16,20 @@ executable('ninfod', [ninfod_sources, git_version_h],
 	install_dir: 'sbin')
 conf_data = configuration_data()
 conf_data.set('prefix', get_option('prefix'))
-configure_file(input : 'ninfod.sh.in',
-	output : 'ninfod.sh',
-	configuration : conf_data,
-	install : true,
-	install_dir : join_paths(get_option('sysconfdir'), 'init.d'))
+
+if systemd.found()
+	subs = configuration_data()
+	subs.set('sbindir', join_paths(get_option('prefix'), get_option('sbindir')))
+	unit_file = configure_file(
+		input: '../systemd/ninfod.service.in',
+		output: 'ninfod.service',
+		configuration: subs
+	)
+	install_data(unit_file, install_dir: systemdunitdir)
+else
+	configure_file(input : 'ninfod.sh.in',
+		output : 'ninfod.sh',
+		configuration : conf_data,
+		install : true,
+		install_dir : join_paths(get_option('sysconfdir'), 'init.d'))
+endif
diff --git a/systemd/ninfod.service.in b/systemd/ninfod.service.in
new file mode 100644
index 0000000..5ab69ca
--- /dev/null
+++ b/systemd/ninfod.service.in
@@ -0,0 +1,26 @@
+[Unit]
+Description=Respond to IPv6 Node Information Queries
+Documentation=ninfod(8)
+Requires=network.target
+After=network.target
+
+[Service]
+ExecStart=@sbindir@/ninfod -d
+
+AmbientCapabilities=CAP_NET_RAW
+DynamicUser=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictNamespaces=yes
+SystemCallArchitectures=native
+LockPersonality=yes
+
+[Install]
+WantedBy=multi-user.target