commit f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e from: Alexander Barton date: Thu Jan 05 23:34:51 2017 UTC Enhance systemd service file - Add homepage :-) - Remove CAP_SETUID and CAP_SETGID from CapabilityBoundingSet: This is not needed, because the unit already sets User=irc and Group=irc. - Add RestrictAddressFamilies, and restrict it to AF_INET and AF_INET6. - Read in the Debian "default files", but note: only PARAMS is supported! commit - 9e0e955daf57b997792ca55a236498694ce634e2 commit + f0532c98cd2fcd1443f8f80ed45772d56bf4cd9e blob - 35bc6bdbbd5fbff273f5229bff6d9d13e050b3d8 blob + bfaddc91a45ff591fdc76dbf91744d176933f744 --- contrib/ngircd.service +++ contrib/ngircd.service @@ -1,21 +1,25 @@ [Unit] Description=Next Generation IRC Daemon -Documentation=man:ngircd(8) man:ngircd.conf(5) +Documentation=man:ngircd(8) man:ngircd.conf(5) https://ngircd.barton.de After=network.target [Service] Type=forking User=irc Group=irc -CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_SYS_CHROOT CAP_NET_BIND_SERVICE PrivateTmp=yes PrivateDevices=yes ProtectSystem=full ProtectHome=true NoNewPrivileges=true +RestrictAddressFamilies=AF_INET AF_INET6 RuntimeDirectory=ircd RuntimeDirectoryMode=750 -ExecStart=/usr/sbin/ngircd +EnvironmentFile=-/etc/default/ngircd +EnvironmentFile=-/etc/default/ngircd-full +EnvironmentFile=-/etc/default/ngircd-full-dbg +ExecStart=/usr/sbin/ngircd $PARAMS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure
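Review bot: The added line RestrictAddressFamilies=AF_INET AF_INET6 leaves AF_UNIX out of the allow-list, so every socket(AF_UNIX, ...) call made by the service fails with EAFNOSUPPORT. If the daemon logs through syslog(3), which writes to the /dev/log local socket, or relies on libc name-service or PAM helpers that use local sockets, those paths break silently under this unit. Suggest RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 unless it has been verified that the daemon opens no local sockets. Separately, the limitation that only PARAMS is honoured from the three EnvironmentFile= entries is recorded only in the commit message; a comment line above ExecStart=/usr/sbin/ngircd $PARAMS would keep that caveat with the unit file, where an administrator editing /etc/default/ngircd will see it.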