initial commit

author: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-04 01:23:43 -0500
committer: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-04 01:52:13 -0500
commit: 0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree: 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/solr/templates/etc/systemd
download: selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/roles/solr/templates/etc/systemd/system/solr.service.j2 b/roles/solr/templates/etc/systemd/system/solr.service.j2
new file mode 100644
index 0000000..52ee55f
--- /dev/null
+++ b/roles/solr/templates/etc/systemd/system/solr.service.j2
@@ -0,0 +1,63 @@
+[Unit]
+Description=Apache Solr
+Before=dovecot.service
+
+[Service]
+Type=simple
+User=solr
+LimitNOFILE=65000
+LimitNPROC=65000
+Restart=on-failure
+
+ProtectSystem=strict
+ReadWritePaths={{ solr_data_dir }} /var/log/solr
+
+# Harden this java nightmare
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+
+WorkingDirectory={{ solr_install_dir }}/server
+LogsDirectory=solr
+
+Environment=SOLR_HOME={{ solr_data_dir }}
+Environment=SOLR_CONF_DIR=${SOLR_HOME}/server/solr/configsets/_default/conf
+Environment=JVM_ARGS=
+Environment=JVM_GC_ARGS="-XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch -XX:+ExplicitGCInvokesConcurrent"
+Environment=JVM_HEAP_SIZE=512m
+Environment=JETTY_HOST=localhost
+Environment=JETTY_PORT=8983
+Environment=LOG4J_PROPS={{ solr_install_dir }}/server/resources/log4j2.xml
+EnvironmentFile=/etc/sysconfig/solr
+
+ExecStart=java -server \
+  $JVM_ARGS \
+  -Xmx${JVM_HEAP_SIZE} \
+  $SOLR_OPTS \
+  $JVM_GC_ARGS \
+  -XX:+CrashOnOutOfMemoryError \
+  -Dlog4j.configurationFile=${LOG4J_PROPS} \
+  -Dsolr.log.dir=/var/log/solr \
+  -Djetty.host=${JETTY_HOST} \
+  -Djetty.port=${JETTY_PORT} \
+  -Djetty.home={{ solr_install_dir }}/server \
+  -Dsolr.solr.home=${SOLR_HOME} \
+  -Dsolr.data.home= \
+  -Dsolr.install.dir={{ solr_install_dir }} \
+  -Dsolr.default.confdir=${SOLR_CONF_DIR} \
+  -Dlog4j2.formatMsgNoLookups=true \
+  -jar start.jar --module=http --module=gzip
+
+[Install]
+WantedBy=multi-user.target
author	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-02-04 01:23:43 -0500
committer	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-02-04 01:52:13 -0500
commit	0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree	3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/solr/templates/etc/systemd
download	selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip