contrib/dist/tor.service.in

   1 # tor.service -- this systemd configuration file for Tor sets up a
   2 # relatively conservative, hardened Tor service.  You may need to
   3 # edit it if you are making changes to your Tor configuration that it
   4 # does not allow.  Package maintainers: this should be a starting point
   5 # for your tor.service; it is not the last point.
   6
   7 [Unit]
   8 Description=Anonymizing overlay network for TCP
   9 After=syslog.target network.target nss-lookup.target
  10
  11 [Service]
  12 Type=notify
  13 NotifyAccess=all
  14 ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
  15 ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
  16 ExecReload=/bin/kill -HUP ${MAINPID}
  17 KillSignal=SIGINT
  18 TimeoutSec=30
  19 Restart=on-failure
  20 WatchdogSec=1m
  21 LimitNOFILE=32768
  22
  23 # Hardening
  24 PrivateTmp=yes
  25 PrivateDevices=yes
  26 ProtectHome=yes
  27 ProtectSystem=full
  28 ReadOnlyDirectories=/
  29 ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor
  30 ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor
  31 NoNewPrivileges=yes
  32 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
  33
  34 [Install]
  35 WantedBy=multi-user.target