Skip to content

Instantly share code, notes, and snippets.

@kravietz

kravietz/minecraft.service

Created March 13, 2020 22:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kravietz/1c1ad16ee88c0cce5728d9d0dcebc3de to your computer and use it in GitHub Desktop.
Save kravietz/1c1ad16ee88c0cce5728d9d0dcebc3de to your computer and use it in GitHub Desktop.
Download ZIP
Hardened Minecraft systemd service
Raw
minecraft.service
[Unit]
Description=Minecraft
Requires=local-fs.target network-online.target
After=local-fs.target network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/java -Xmx768M -Xms500M -jar minecraft_server.jar nogui
WorkingDirectory=/home/minecraft
User=minecraft
Group=minecraft
NoNewPrivileges=yes
CPUSchedulingPolicy=batch
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
LockPersonality=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHostname=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
PrivateUsers=yes
[Install]
WantedBy=multi-user.target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment