Running Newt as a Systemd Service

Networking
, ,
1

Running as a Systemd Service

image
image1125×578 217 KB

This guide explains how to run Newt as a systemd service on Linux systems, allowing it to start automatically on boot and be managed through the systemd service manager.

Prerequisites

  • A Linux system using systemd (most modern distributions)
  • Root or sudo access
  • Newt binary installed (see Install Guide)

Create the Service File

  1. Create a new systemd service file:
sudo nano /etc/systemd/system/newt.service
  1. Add the following configuration, replacing the values with your actual Newt configuration:
[Unit]
Description=Newt Client Service
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/newt --id YOUR_NEWT_ID --secret YOUR_NEWT_SECRET --endpoint YOUR_PANGOLIN_ENDPOINT
Restart=always
RestartSec=10

# Security hardening options
User=newt
Group=newt
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ReadWritePaths=/var/lib/newt

[Install]
WantedBy=multi-user.target

Security Considerations

The service file includes several security hardening options:

  • User and Group: Runs Newt under a dedicated user account
  • NoNewPrivileges: Prevents the service from gaining additional privileges
  • ProtectSystem: Restricts write access to system directories
  • ProtectHome: Prevents access to user home directories
  • PrivateTmp: Provides private /tmp directory
  • PrivateDevices: Restricts access to system devices
  • ReadWritePaths: Specifies allowed writeable directories

Setup Steps

  1. Create a dedicated system user:
sudo useradd -r -s /bin/false newt
  1. Create required directories:
sudo mkdir -p /var/lib/newt
sudo chown newt:newt /var/lib/newt
  1. Enable and start the service:
sudo systemctl daemon-reload
sudo systemctl enable newt
sudo systemctl start newt

Managing the Service

  • Check status: sudo systemctl status newt
  • View logs: sudo journalctl -u newt
  • Stop service: sudo systemctl stop newt
  • Restart service: sudo systemctl restart newt

Troubleshooting

  1. Check service status and logs:
sudo systemctl status newt
sudo journalctl -u newt -f
  1. Verify permissions:
ls -l /usr/local/bin/newt
ls -l /var/lib/newt
  1. Test the configuration:
sudo systemctl start newt
sudo systemctl status newt

:::note
Make sure to keep your Newt ID and secret secure. Don’t share the service file containing these values.
:::