From f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Fri, 6 Jan 2017 00:34:51 +0100
Subject: [PATCH] Enhance systemd service file

- Add homepage :-)
- Remote CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is
  nor needed, because the unit already sets User=irc and Group=irc.
- Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6.
- Read in the Debian "default files", but note: only PARAMS is supported!
---
 contrib/ngircd.service | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/contrib/ngircd.service b/contrib/ngircd.service
index 35bc6bdb..bfaddc91 100644
--- a/contrib/ngircd.service
+++ b/contrib/ngircd.service
@@ -1,21 +1,25 @@
 [Unit]
 Description=Next Generation IRC Daemon
-Documentation=man:ngircd(8) man:ngircd.conf(5)
+Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de
 After=network.target
 
 [Service]
 Type=forking
 User=irc
 Group=irc
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=true
 NoNewPrivileges=true
+RestrictAddressFamilies=AF_INET AF_INET6
 RuntimeDirectory=ircd
 RuntimeDirectoryMode=750
-ExecStart=/usr/sbin/ngircd
+EnvironmentFile=-/etc/default/ngircd
+EnvironmentFile=-/etc/default/ngircd-full
+EnvironmentFile=-/etc/default/ngircd-full-dbg
+ExecStart=/usr/sbin/ngircd $PARAMS
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 
-- 
2.40.0