chore: simplify default mainnet systemd config of `chainflip-node.s…

…ervice` 😌 (#4199)
chainflip-io · Nov 3, 2023 · 5026646 · 5026646
1 parent 7996039
commit 5026646
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 57 deletions.
diff --git a/state-chain/node/package/berghain/chainflip-archive-node.service b/state-chain/node/package/berghain/chainflip-archive-node.service
@@ -5,48 +5,19 @@ Description=Chainflip Archive Node
 Restart=always
 RestartSec=30
 
-User=flip
-Group=flip
-
 WorkingDirectory=/etc/chainflip
 
 ExecStart=/usr/bin/chainflip-node \
     --chain=/etc/chainflip/berghain.chainspec.json \
     --base-path=/etc/chainflip/chaindata \
     --node-key-file=/etc/chainflip/keys/node_key_file \
     --trie-cache-size=0 \
-    --prometheus-external \
     --rpc-cors=all \
     --rpc-methods=unsafe \
     --state-pruning=archive \
     --blocks-pruning=archive \
     --unsafe-rpc-external \
     --sync=full
 
-NoNewPrivileges=yes
-CapabilityBoundingSet=
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-
-PrivateDevices=yes
-PrivateUsers=yes
-PrivateTmp=yes
-
-ProtectClock=yes
-ProtectHome=true
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectHostname=yes
-ProtectControlGroups=yes
-
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
-
-StandardOutput=journal
-StandardError=journal
-
 [Install]
 WantedBy=multi-user.target
diff --git a/state-chain/node/package/berghain/chainflip-genesis-node.service b/state-chain/node/package/berghain/chainflip-genesis-node.service
@@ -5,9 +5,6 @@ Description=Chainflip Genesis Node
 Restart=always
 RestartSec=30
 
-User=flip
-Group=flip
-
 WorkingDirectory=/etc/chainflip
 
 ExecStart=/usr/bin/chainflip-node \
@@ -18,30 +15,5 @@ ExecStart=/usr/bin/chainflip-node \
     --trie-cache-size=0 \
     --sync=full
 
-NoNewPrivileges=yes
-CapabilityBoundingSet=
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-
-PrivateDevices=yes
-PrivateUsers=yes
-PrivateTmp=yes
-
-ProtectClock=yes
-ProtectHome=true
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectHostname=yes
-ProtectControlGroups=yes
-
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
-
-StandardOutput=journal
-StandardError=journal
-
 [Install]
 WantedBy=multi-user.target