make authority, mix, provider systemd unit files

[moba]

This seems to work for me as user unit file for the authority, but needs absolute paths in it so is not ideal. Also, systemd probably has better isolation features than this.

❯ cat katzenpost-authority.service 
[Unit]
Description=Katzenpost Authority Server
After=network.target 

[Service]
Type=simple
ExecStart=/absolute/path/nonvoting -f /yet/another/absolute/path/authority.toml
PrivateTmp=yes
NoNewPrivileges=yes
RestartSec=5
Restart=on-failure

[Install]
WantedBy=default.target
❯ cp katzenpost-authority.service  ~/.config/systemd/user/
❯ systemctl --user enable katzenpost-authority
❯ systemctl --user start katzenpost-authority

[moba]

LEAP is still on Debian Jessie, and at least there I didn't manage to get user services to work. We're using global services:

# cat /etc/systemd/system/katzenmix.service 
[Unit]
Description=Katzenpost Mix Server
After=network.target

[Service]
Type=simple
User=katzenpost
WorkingDirectory=/home/katzenpost/node
ExecStart=/home/katzenpost/node/server -f katzenpost.toml
PrivateTmp=yes
NoNewPrivileges=yes
# RestartSec=5
Restart=on-failure

[Install]
WantedBy=default.target

# systemctl enable katzenmix
# systemctl start katzenmix

http://0pointer.de/blog/projects/security.html is a good intro into systemd isolation features we might want to add besides PrivateTmp and NoNewPrivileges.