lnd/contrib/init/lnd.service

# A sample systemd service file for lnd running with a bitcoind service.

[Unit]
Description=Lightning Network Daemon

# Make sure lnd starts after bitcoind is ready
Requires=bitcoind.service
After=bitcoind.service

[Service]
ExecStart=/usr/local/bin/lnd
ExecStop=/usr/local/bin/lncli stop

# Replace these with the user:group that will run lnd
User=bitcoin
Group=bitcoin

# Try restarting lnd if it stops due to a failure
Restart=on-failure
RestartSec=60

# Type=notify is required for lnd to notify systemd when it is ready
Type=notify

# An extended timeout period is needed to allow for database compaction
# and other time intensive operations during startup. We also extend the
# stop timeout to ensure graceful shutdowns of lnd.
TimeoutStartSec=1200
TimeoutStopSec=3600

# Hardening Measures
####################

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
docs: add example systemd service file This is an example systemd service file for lnd designed to run alongside a bitcoind service. This file is loosely based on https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service, https://gist.github.com/Stadicus/f0c6db4fa6cf787f19d9d3444b91633f, and my own experience managing lnd with systemd. 2021-11-28 05:26:34 +01:00			`# A sample systemd service file for lnd running with a bitcoind service.`

			`[Unit]`
			`Description=Lightning Network Daemon`

			`# Make sure lnd starts after bitcoind is ready`
			`Requires=bitcoind.service`
			`After=bitcoind.service`

			`[Service]`
			`ExecStart=/usr/local/bin/lnd`
			`ExecStop=/usr/local/bin/lncli stop`

			`# Replace these with the user:group that will run lnd`
			`User=bitcoin`
			`Group=bitcoin`

			`# Try restarting lnd if it stops due to a failure`
			`Restart=on-failure`
			`RestartSec=60`

			`# Type=notify is required for lnd to notify systemd when it is ready`
			`Type=notify`

			`# An extended timeout period is needed to allow for database compaction`
			`# and other time intensive operations during startup. We also extend the`
			`# stop timeout to ensure graceful shutdowns of lnd.`
			`TimeoutStartSec=1200`
			`TimeoutStopSec=3600`

			`# Hardening Measures`
			`####################`

			`# Mount /usr, /boot/ and /etc read-only for the process.`
			`ProtectSystem=full`

			`# Disallow the process and all of its children to gain`
			`# new privileges through execve().`
			`NoNewPrivileges=true`

			`# Use a new /dev namespace only populated with API pseudo devices`
			`# such as /dev/null, /dev/zero and /dev/random.`
			`PrivateDevices=true`

			`# Deny the creation of writable and executable memory mappings.`
			`MemoryDenyWriteExecute=true`

			`[Install]`
			`WantedBy=multi-user.target`