Frontier Software

Systemd

Project Website

systemd-run(1)

systemd-system.conf(5)

Unit types

Syntax

systemd.syntax(7)

[Section A]
KeyOne=value 1
KeyTwo=value 2

# a comment

[Section B]
Setting="something" "some thing" "..."
KeyTwo=value 2 \
       value 2 continued

[Section C]
KeyThree=value 3\
# this line is ignored
; this line is ignored too
         value 3 continued

Search Path

systemd-analyze unit-paths

/usr/local/lib/systemd/system/* is probably the best place for “non Arch Linux installed” unit files.

systemd-analyze --user unit-paths

[Install]

/usr/lib/systemd/system/nginx.service and /usr/lib/systemd/system/postgresql.service

[Install]
WantedBy=multi-user.target

systemctl list-units

This lists units with 10 different kinds of suffixes:

2. Socket

systemd.socket(5) daemon(7)

dbus.socket

3. Target

systemd.target(5)

basic.target

4. Device

systemd.device(5)

sys-devices-pci0000:00-0000:00:04.0-virtio2-net-eth0.device

5. Mount

systemd.mount(5)

tmp.mount

6. Automount

systemd.automount(5)

proc-sys-fs-binfmt_misc.automount

7. Timer

systemd.timer(5)

certbot-renewal.timer

8. Swap

systemd.swap(5)

dev-sdb.swap

9. Path

systemd.path(5)

systemd-ask-password-console.path

10. Slice

systemd.slice(5)

system-getty.slice

11. Scope

systemd.scope(5)

init.scope


systemd.special(7)

logging daemon

daemon config files, see systemd-system.conf(5), systemd-user.conf(5), logind.conf(5), journald.conf(5), journal-remote.conf(5), journal-upload.conf(5), systemd-sleep.conf(5), timesyncd.conf(5)

hostname

systemd contains native implementations of various tasks that need to be executed as part of the boot process. For example, it sets the hostname or configures the loopback network device. It also sets up and mounts various API file systems, such as /sys/, /proc/, and /dev/.

date

locale

maintain a list of logged-in users

running containers and virtual machines

system accounts

runtime directories and settings

daemons to manage simple network configuration

netdev and network files, see systemd.netdev(5), systemd.network(5)

network time synchronization

log forwarding

name resolution.

nspawn files, see systemd.nspawn(5)

Arch Linux

Components

unit

[Unit]

This is common to all unit types. It contains metadata about the service such as a description.

systemd.unit(5)

/usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx web server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

/usr/lib/systemd/system/postgresql.service

[Unit]
Description=PostgreSQL database server
Documentation=man:postgres(1)
After=network.target network-online.target
Wants=network-online.target

/usr/lib/systemd/system/tmp.mount

[Unit]
Description=Temporary Directory /tmp
Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
Documentation=man:file-hierarchy(7)
Documentation=https://systemd.io/API_FILE_SYSTEMS
ConditionPathIsSymbolicLink=!/tmp
DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target umount.target
After=swap.target

service

[Service]

systemd.service(5)

/usr/lib/systemd/system/nginx.service

[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateDevices=yes
PrivateTmp=true
SyslogLevel=err

ExecStart=/usr/bin/nginx
ExecReload=/usr/bin/nginx -s reload
Restart=on-failure
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5

/usr/lib/systemd/system/postgresql.service

[Service]
Type=notify
TimeoutSec=120
User=postgres
Group=postgres

Environment=PGROOT=/var/lib/postgres

SyslogIdentifier=postgres
PIDFile=/var/lib/postgres/data/postmaster.pid
RuntimeDirectory=postgresql
RuntimeDirectoryMode=755

ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data
ExecStart=/usr/bin/postgres -D ${PGROOT}/data
ExecReload=/bin/kill -HUP ${MAINPID}
KillMode=mixed
KillSignal=SIGINT

# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
# killing Postgres, so adjust it downward
OOMScoreAdjust=-200

# Additional security-related features
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
NoNewPrivileges=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateDevices=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
SystemCallArchitectures=native

systemd.exec(5)
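The two [Service] blocks above differ mainly in sandboxing: postgresql.service sets twelve hardening directives, nginx.service only two of them. The following is an added example, not code from this page or from systemd; it parses unit-file text using the continuation and comment rules shown under Syntax and reports which of those directives a unit never sets. The names HARDENING, NGINX_UNIT, parse_unit and missing_hardening are hypothetical, and whitespace around a continuation is collapsed to one space as a simplification.

```python
# Added example, not from the original page or the systemd project.
# Directives listed under "Additional security-related features" in the
# postgresql.service shown above.
HARDENING = [
    "PrivateTmp", "ProtectHome", "ProtectSystem", "NoNewPrivileges",
    "ProtectControlGroups", "ProtectKernelModules", "ProtectKernelTunables",
    "PrivateDevices", "RestrictAddressFamilies", "RestrictNamespaces",
    "RestrictRealtime", "SystemCallArchitectures",
]

# [Service] section of nginx.service as quoted on this page (shortened).
NGINX_UNIT = """\
[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateDevices=yes
PrivateTmp=true
ExecStart=/usr/bin/nginx
Restart=on-failure
"""

def parse_unit(text):
    """Parse unit-file text into {section: {key: [values]}}."""
    sections, section, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue  # comment lines are skipped, even inside a continuation
        if pending is not None:
            # Trailing backslash joins lines with a space (spacing simplified).
            line, pending = f"{pending} {line}".strip(), None
        if line.endswith("\\"):
            pending = line[:-1].rstrip()
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            sections.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            sections[section].setdefault(key.strip(), []).append(value.strip())
    return sections

def missing_hardening(text):
    """Return HARDENING directives that the [Service] section never sets."""
    service = parse_unit(text).get("Service", {})
    return [name for name in HARDENING if name not in service]

if __name__ == "__main__":
    print("nginx.service lacks:", ", ".join(missing_hardening(NGINX_UNIT)))
```

This only checks that a directive is present, not what value it has; on a live system, `systemd-analyze security nginx.service` scores the effective settings.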

sockets

Socket Activated Internet Services and OS Containers