File boinc-client.service of Package boinc-client

[Unit]
Description=Berkeley Open Infrastructure Network Computing Client
Documentation=man:boinc(1)
After=network-online.target

[Service]
Type=simple
WorkingDirectory=~
EnvironmentFile=-/etc/sysconfig/boinc-client
Nice=10
User=boinc
ProtectHome=true
CPUSchedulingPolicy=batch
Slice=background.slice
### boinc logs (with --redirectio) to stdoutdae.txt and stderrdae.txt
#PermissionsStartOnly=yes
#ExecStartPre=/bin/sleep 1
#ExecStartPre=/usr/bin/touch /var/log/boinc-client.log /var/log/boinc-client.err.log
#ExecStartPre=/usr/bin/chown $BOINC_BOINC_USR:$BOINC_BOINC_GRP /var/log/boinc-client.log /var/log/boinc-client.err.log
ExecStart=/usr/bin/boinc --dir $BOINC_BOINC_DIR $BOINC_BOINC_OPTS
ExecStop=/usr/bin/boinccmd --quit
ExecReload=/usr/bin/boinccmd --read_cc_config
ExecStopPost=/bin/rm -f ${BOINC_BOINC_DIR}/lockfile

# Additional options taken from the upstream service file at
# https://github.com/BOINC/boinc/client/scripts/boinc-client.service.in
ProtectSystem=full
ProtectControlGroups=true
ReadWritePaths=-/var/lib/boinc -/etc/boinc-client
IOSchedulingClass=idle
# The following options prevent setuid root as they imply NoNewPrivileges=true
# Since Atlas requires setuid root, they break Atlas
# In order to improve security, if you're not using Atlas,
# Add these options to the [Service] section of an override file using
# sudo systemctl edit boinc-client.service
#NoNewPrivileges=true
#ProtectKernelModules=true
#ProtectKernelTunables=true
#RestrictRealtime=true
#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
#RestrictNamespaces=true
#PrivateUsers=true
#CapabilityBoundingSet=
#MemoryDenyWriteExecute=true
#PrivateTmp=true  #Block X11 idle detection

[Install]
WantedBy=multi-user.target