minecraft-server-Proxmox/minecraft.service at main · TimInTech/minecraft-server-Proxmox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[Unit]
Description=Minecraft Server (Paper)
After=network.target

[Service]
User=minecraft
Group=minecraft
WorkingDirectory=/opt/minecraft
ExecStart=/opt/minecraft/start.sh
Restart=on-failure
UMask=0027

# NOTE: Systemd hardening options to reduce attack surface
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictNamespaces=true
CapabilityBoundingSet=
AmbientCapabilities=
ReadWritePaths=/opt/minecraft

# Optional: set RETAIN_DAYS via Environment or drop-in. Example cleanup after start:
#ExecStartPost=/bin/bash -lc 'BACKUP_DIR=${BACKUP_DIR:-/var/backups/minecraft}; mkdir -p "$BACKUP_DIR"; find "$BACKUP_DIR" -type f -name "*.tar.gz" -mtime +"${RETAIN_DAYS:-7}" -delete'

[Install]
WantedBy=multi-user.target