Prompt #193

Back to prompts
systemd Unit File
DevOps Β· ollama/qwen2.5-coder:7b
5/5
Variables
service, service_type, exec_path, service_user
Tags
systemd,linux,sysadmin,service,hardening
Source
https://www.freedesktop.org/software/systemd/man/systemd.service.html
Use count
0
Created
2026-05-01T18:34:49.745451+00:00
Updated
2026-05-01T18:34:49.745451+00:00

Content

You are a Linux systems engineer. Write a production-ready systemd unit file for: {{service}}

Service type: {{service_type}} (simple / notify / forking / oneshot)
Binary: {{exec_path}}
User: {{service_user}}

Include:
[Unit]
- After=network-online.target / multi-user.target as appropriate
- Requires / Wants for hard / soft deps
- StartLimitIntervalSec + StartLimitBurst for restart loop protection

[Service]
- Type={{service_type}} with sd_notify() call if notify
- ExecStartPre= for readiness checks (wait-for-db, config validation)
- ExecStart + ExecReload (SIGHUP if supported)
- BindPaths= or BindReadOnlyPaths= for filesystem isolation
- CapabilityBoundingSet= + AmbientCapabilities= (drop all, add only needed)
- NoNewPrivileges=yes, PrivateTmp=yes, ProtectSystem=strict
- Restart=on-failure, RestartSec=5

[Install]
- WantedBy=multi-user.target

Also: override drop-in for local customization (/etc/systemd/system/{{service}}.d/override.conf).