Add systemd unit file for ndncert-ca-server
This commit also updates waf to version 2.0.14
Refs: #4594
Change-Id: Ic168b3151eb2b9de0487e034dc049d3221ea0a56
diff --git a/systemd/ndncert-server.service.in b/systemd/ndncert-server.service.in
new file mode 100644
index 0000000..b8b81cc
--- /dev/null
+++ b/systemd/ndncert-server.service.in
@@ -0,0 +1,35 @@
+[Unit]
+Description=Certificate Management Service for NDN
+BindsTo=nfd.service
+After=nfd.service
+
+[Service]
+Environment=HOME=%S/ndn/ndncert
+EnvironmentFile=-@SYSCONFDIR@/default/ndncert
+ExecStart=@BINDIR@/ndncert-ca-server $FLAGS
+Restart=on-failure
+RestartPreventExitStatus=2
+User=ndncert
+
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+StateDirectory=ndn/ndncert
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=nfd.service