@enjoys/context-engine 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/data/commands/journalctl.json +203 -66
  2. package/data/commands/manifest.json +6 -2
  3. package/data/commands/systemctl.json +800 -23
  4. package/data/commands/systemd-analyze.json +239 -0
  5. package/data/commands/zsh.json +166 -0
  6. package/data/completion/nginx.json +561 -77
  7. package/data/completion/systemd.json +795 -47
  8. package/data/completion/zsh.json +829 -70
  9. package/data/defination/nginx.json +416 -32
  10. package/data/defination/systemd.json +538 -56
  11. package/data/defination/zsh.json +323 -86
  12. package/data/hover/nginx.json +59 -17
  13. package/data/hover/systemd.json +42 -7
  14. package/data/hover/zsh.json +44 -9
  15. package/package.json +2 -2
package/data/defination/systemd.json CHANGED
@@ -1,107 +1,589 @@
1
1
  {
2
2
  "language": "systemd",
3
3
  "definitions": {
4
- "Unit": {
4
+ "[Unit]": {
5
5
  "signature": "[Unit]",
6
- "description": "Contains generic information about the unit - description, dependencies, ordering.",
7
- "type": "section",
8
- "module": "systemd.unit"
6
+ "description": "Generic unit configuration. Defines dependencies, ordering, conditions. Present in all unit types.",
7
+ "type": "section"
9
8
  },
10
- "Service": {
9
+ "[Service]": {
11
10
  "signature": "[Service]",
12
- "description": "Configuration specific to service units - how to start, stop, and manage the process.",
13
- "type": "section",
14
- "module": "systemd.service"
11
+ "description": "Service-specific configuration: startup type, exec commands, restart policy, resource limits, security sandbox.",
12
+ "type": "section"
15
13
  },
16
- "Install": {
14
+ "[Install]": {
17
15
  "signature": "[Install]",
18
- "description": "Installation info used by systemctl enable/disable. Defines which target pulls in this unit.",
19
- "type": "section",
20
- "module": "systemd.unit"
16
+ "description": "Installation info for systemctl enable/disable. Defines which target pulls this unit.",
17
+ "type": "section"
21
18
  },
22
- "Timer": {
19
+ "[Timer]": {
23
20
  "signature": "[Timer]",
24
- "description": "Timer unit configuration. Modern replacement for cron jobs.",
25
- "type": "section",
26
- "module": "systemd.timer"
21
+ "description": "Timer configuration. Calendar or monotonic schedules. Replaces cron with more features.",
22
+ "type": "section"
23
+ },
24
+ "[Socket]": {
25
+ "signature": "[Socket]",
26
+ "description": "Socket activation. Systemd listens, starts service on connection. Enables zero-downtime restarts.",
27
+ "type": "section"
28
+ },
29
+ "[Path]": {
30
+ "signature": "[Path]",
31
+ "description": "Path-based activation. Watches filesystem paths and starts a unit when conditions are met.",
32
+ "type": "section"
33
+ },
34
+ "[Mount]": {
35
+ "signature": "[Mount]",
36
+ "description": "Mount point configuration. Equivalent to fstab entries but managed by systemd.",
37
+ "type": "section"
38
+ },
39
+ "[Swap]": {
40
+ "signature": "[Swap]",
41
+ "description": "Swap device/file configuration.",
42
+ "type": "section"
43
+ },
44
+ "[Slice]": {
45
+ "signature": "[Slice]",
46
+ "description": "Resource control configuration for a group of units using cgroup hierarchy.",
47
+ "type": "section"
48
+ },
49
+ "Description": {
50
+ "signature": "Description=string",
51
+ "description": "Human-readable description of the unit. Shown in status output and logs.",
52
+ "type": "directive",
53
+ "section": "[Unit]"
54
+ },
55
+ "Documentation": {
56
+ "signature": "Documentation=URL [URL ...]",
57
+ "description": "URIs pointing to documentation. Supports http://, https://, file:, info:, man: schemes.",
58
+ "type": "directive",
59
+ "section": "[Unit]"
60
+ },
61
+ "After": {
62
+ "signature": "After=unit [unit ...]",
63
+ "description": "Ordering dependency — start this unit after the listed units. Does NOT create a requirement, only ordering.",
64
+ "type": "directive",
65
+ "section": "[Unit]"
66
+ },
67
+ "Before": {
68
+ "signature": "Before=unit [unit ...]",
69
+ "description": "Start this unit before the listed units.",
70
+ "type": "directive",
71
+ "section": "[Unit]"
72
+ },
73
+ "Requires": {
74
+ "signature": "Requires=unit [unit ...]",
75
+ "description": "Hard requirement. If any required unit fails to start, this unit is also not started. Use with After= for ordering.",
76
+ "type": "directive",
77
+ "section": "[Unit]"
78
+ },
79
+ "Wants": {
80
+ "signature": "Wants=unit [unit ...]",
81
+ "description": "Soft requirement. Like Requires but this unit still starts even if wanted unit fails. Preferred over Requires.",
82
+ "type": "directive",
83
+ "section": "[Unit]"
84
+ },
85
+ "BindsTo": {
86
+ "signature": "BindsTo=unit [unit ...]",
87
+ "description": "Stronger than Requires: this unit is stopped when the bound unit is stopped (not just when it fails to start).",
88
+ "type": "directive",
89
+ "section": "[Unit]"
90
+ },
91
+ "PartOf": {
92
+ "signature": "PartOf=unit [unit ...]",
93
+ "description": "When the listed unit is stopped or restarted, this unit is also stopped/restarted. Does not affect starting.",
94
+ "type": "directive",
95
+ "section": "[Unit]"
96
+ },
97
+ "Conflicts": {
98
+ "signature": "Conflicts=unit [unit ...]",
99
+ "description": "Negative dependency. Starting this unit stops conflicting units and vice versa.",
100
+ "type": "directive",
101
+ "section": "[Unit]"
102
+ },
103
+ "ConditionPathExists": {
104
+ "signature": "ConditionPathExists=[!]path",
105
+ "description": "Check if path exists before starting. Prefix with ! to negate. Prefix with - to make non-fatal.",
106
+ "type": "directive",
107
+ "section": "[Unit]"
108
+ },
109
+ "ConditionFileNotEmpty": {
110
+ "signature": "ConditionFileNotEmpty=[!]path",
111
+ "description": "Check if file exists and is not empty.",
112
+ "type": "directive",
113
+ "section": "[Unit]"
114
+ },
115
+ "ConditionDirectoryNotEmpty": {
116
+ "signature": "ConditionDirectoryNotEmpty=[!]path",
117
+ "description": "Check if directory exists and is not empty.",
118
+ "type": "directive",
119
+ "section": "[Unit]"
120
+ },
121
+ "AssertPathExists": {
122
+ "signature": "AssertPathExists=[!]path",
123
+ "description": "Like ConditionPathExists but causes a failure (not skip) if not met.",
124
+ "type": "directive",
125
+ "section": "[Unit]"
126
+ },
127
+ "OnFailure": {
128
+ "signature": "OnFailure=unit [unit ...]",
129
+ "description": "Units to activate when this unit enters a 'failed' state. Useful for alerting.",
130
+ "type": "directive",
131
+ "section": "[Unit]"
132
+ },
133
+ "OnSuccess": {
134
+ "signature": "OnSuccess=unit [unit ...]",
135
+ "description": "Units to activate when this unit succeeds (deactivates cleanly).",
136
+ "type": "directive",
137
+ "section": "[Unit]"
27
138
  },
28
139
  "Type": {
29
- "signature": "Type=simple|forking|oneshot|notify|dbus",
30
- "description": "Defines the process start-up type. simple: main process stays in foreground. forking: traditional daemon. oneshot: runs once.",
140
+ "signature": "Type=simple|exec|forking|oneshot|notify|dbus|idle",
141
+ "description": "Service startup type. simple: process is the service. forking: forks to background. notify: sends sd_notify(). oneshot: runs and exits. exec: like simple but 'started' after exec() succeeds.",
31
142
  "type": "directive",
32
- "module": "systemd.service"
143
+ "section": "[Service]"
33
144
  },
34
145
  "ExecStart": {
35
- "signature": "ExecStart=/path/to/command",
36
- "description": "The command to run when the service is started. Must be an absolute path.",
146
+ "signature": "ExecStart=command",
147
+ "description": "Main command to start the service. Must be an absolute path. Use $MAINPID for the main process PID.",
148
+ "type": "directive",
149
+ "section": "[Service]"
150
+ },
151
+ "ExecStartPre": {
152
+ "signature": "ExecStartPre=[-]command",
153
+ "description": "Commands to run before ExecStart. Prefix with '-' to ignore failure. Prefix with '+' to run as root.",
154
+ "type": "directive",
155
+ "section": "[Service]"
156
+ },
157
+ "ExecStartPost": {
158
+ "signature": "ExecStartPost=[-]command",
159
+ "description": "Commands to run after ExecStart. Runs after the service is considered 'started'.",
37
160
  "type": "directive",
38
- "module": "systemd.service"
161
+ "section": "[Service]"
162
+ },
163
+ "ExecStop": {
164
+ "signature": "ExecStop=command",
165
+ "description": "Command to stop the service. If not set, SIGTERM is sent. $MAINPID holds the main process PID.",
166
+ "type": "directive",
167
+ "section": "[Service]"
168
+ },
169
+ "ExecStopPost": {
170
+ "signature": "ExecStopPost=[-]command",
171
+ "description": "Commands to run after the service is stopped. Runs even on failure.",
172
+ "type": "directive",
173
+ "section": "[Service]"
174
+ },
175
+ "ExecReload": {
176
+ "signature": "ExecReload=command",
177
+ "description": "Command to reload configuration. Commonly: /bin/kill -HUP $MAINPID.",
178
+ "type": "directive",
179
+ "section": "[Service]"
39
180
  },
40
181
  "Restart": {
41
182
  "signature": "Restart=no|on-success|on-failure|on-abnormal|on-watchdog|on-abort|always",
42
- "description": "Configures when the service should be automatically restarted.",
183
+ "description": "When to restart: on-failure (non-zero exit, signal, timeout, watchdog). always: restart unconditionally. on-abnormal: signal, timeout, watchdog.",
43
184
  "type": "directive",
44
- "module": "systemd.service"
185
+ "section": "[Service]"
45
186
  },
46
187
  "RestartSec": {
47
- "signature": "RestartSec=5",
48
- "description": "Time to sleep before restarting a service. Default is 100ms.",
188
+ "signature": "RestartSec=time",
189
+ "description": "Time to wait before restarting. Default: 100ms. Accepts s, min, h, ms, us units.",
190
+ "type": "directive",
191
+ "section": "[Service]"
192
+ },
193
+ "StartLimitBurst": {
194
+ "signature": "StartLimitBurst=n",
195
+ "description": "Maximum number of starts within StartLimitIntervalSec before the unit is held back. Default: 5.",
196
+ "type": "directive",
197
+ "section": "[Unit]"
198
+ },
199
+ "StartLimitIntervalSec": {
200
+ "signature": "StartLimitIntervalSec=time",
201
+ "description": "Time window for start rate limiting. Default: 10s. Set to 0 to disable.",
202
+ "type": "directive",
203
+ "section": "[Unit]"
204
+ },
205
+ "TimeoutStartSec": {
206
+ "signature": "TimeoutStartSec=time",
207
+ "description": "Timeout for service to start. If exceeded, service is killed (SIGTERM then SIGKILL). Default: 90s.",
208
+ "type": "directive",
209
+ "section": "[Service]"
210
+ },
211
+ "TimeoutStopSec": {
212
+ "signature": "TimeoutStopSec=time",
213
+ "description": "Timeout for service to stop. After this, SIGKILL is sent. Default: 90s.",
214
+ "type": "directive",
215
+ "section": "[Service]"
216
+ },
217
+ "WatchdogSec": {
218
+ "signature": "WatchdogSec=time",
219
+ "description": "Watchdog timeout. Service must call sd_notify(WATCHDOG=1) within this interval or be restarted.",
220
+ "type": "directive",
221
+ "section": "[Service]"
222
+ },
223
+ "KillMode": {
224
+ "signature": "KillMode=control-group|mixed|process|none",
225
+ "description": "How to kill processes: control-group (all in cgroup), mixed (SIGTERM main, SIGKILL rest), process (main only).",
226
+ "type": "directive",
227
+ "section": "[Service]"
228
+ },
229
+ "KillSignal": {
230
+ "signature": "KillSignal=signal",
231
+ "description": "Signal to send when stopping. Default: SIGTERM. Also: SIGINT, SIGQUIT, etc.",
49
232
  "type": "directive",
50
- "module": "systemd.service"
233
+ "section": "[Service]"
51
234
  },
52
235
  "User": {
53
236
  "signature": "User=username",
54
- "description": "Run the service as the specified user.",
237
+ "description": "Run the service as this user. Creates a user namespace if DynamicUser=yes.",
55
238
  "type": "directive",
56
- "module": "systemd.exec"
239
+ "section": "[Service]"
240
+ },
241
+ "Group": {
242
+ "signature": "Group=groupname",
243
+ "description": "Run the service with this group.",
244
+ "type": "directive",
245
+ "section": "[Service]"
246
+ },
247
+ "DynamicUser": {
248
+ "signature": "DynamicUser=yes|no",
249
+ "description": "Allocate a dynamic user/group at runtime. Automatically enables other sandboxing options.",
250
+ "type": "directive",
251
+ "section": "[Service]"
57
252
  },
58
253
  "WorkingDirectory": {
59
- "signature": "WorkingDirectory=/path",
60
- "description": "Set the working directory for the executed process.",
254
+ "signature": "WorkingDirectory=path",
255
+ "description": "Set working directory before starting. Special: ~ for user home, - prefix to ignore if missing.",
256
+ "type": "directive",
257
+ "section": "[Service]"
258
+ },
259
+ "RootDirectory": {
260
+ "signature": "RootDirectory=path",
261
+ "description": "Set root directory (chroot) for the service.",
61
262
  "type": "directive",
62
- "module": "systemd.exec"
263
+ "section": "[Service]"
63
264
  },
64
265
  "Environment": {
65
- "signature": "Environment=KEY=value",
66
- "description": "Set environment variables for the service process.",
266
+ "signature": "Environment=KEY=value [KEY2=value2 ...]",
267
+ "description": "Set environment variables. For multiple: use multiple Environment= lines or EnvironmentFile=.",
67
268
  "type": "directive",
68
- "module": "systemd.exec"
269
+ "section": "[Service]"
69
270
  },
70
271
  "EnvironmentFile": {
71
- "signature": "EnvironmentFile=/path/to/file",
72
- "description": "Load environment variables from a file. Prefix with - to ignore if missing.",
272
+ "signature": "EnvironmentFile=[-]path",
273
+ "description": "Read environment variables from file (KEY=value format). Prefix with - to ignore if missing.",
73
274
  "type": "directive",
74
- "module": "systemd.exec"
275
+ "section": "[Service]"
75
276
  },
76
- "After": {
77
- "signature": "After=unit.target",
78
- "description": "Defines ordering - start this unit after the listed units.",
277
+ "StandardOutput": {
278
+ "signature": "StandardOutput=inherit|null|tty|journal|kmsg|socket|file:path|append:path",
279
+ "description": "Where to send stdout. journal: systemd journal. file:path: write to file. append:path: append.",
79
280
  "type": "directive",
80
- "module": "systemd.unit"
281
+ "section": "[Service]"
81
282
  },
82
- "WantedBy": {
83
- "signature": "WantedBy=multi-user.target",
84
- "description": "When enabled, this unit will be started by the specified target.",
283
+ "StandardError": {
284
+ "signature": "StandardError=inherit|null|tty|journal|kmsg|socket|file:path|append:path",
285
+ "description": "Where to send stderr. inherit: same as StandardOutput.",
85
286
  "type": "directive",
86
- "module": "systemd.unit"
287
+ "section": "[Service]"
87
288
  },
88
- "OnCalendar": {
89
- "signature": "OnCalendar=*-*-* 00:00:00",
90
- "description": "Calendar event expression for timer units. Supports: daily, weekly, hourly, or specific timestamps.",
289
+ "SyslogIdentifier": {
290
+ "signature": "SyslogIdentifier=string",
291
+ "description": "Identifier for syslog/journal entries. Defaults to process name. Used with journalctl -u.",
292
+ "type": "directive",
293
+ "section": "[Service]"
294
+ },
295
+ "PIDFile": {
296
+ "signature": "PIDFile=path",
297
+ "description": "Path to PID file. Required for Type=forking so systemd can track the main process.",
298
+ "type": "directive",
299
+ "section": "[Service]"
300
+ },
301
+ "RemainAfterExit": {
302
+ "signature": "RemainAfterExit=yes|no",
303
+ "description": "Service remains active after main process exits. Essential for Type=oneshot.",
304
+ "type": "directive",
305
+ "section": "[Service]"
306
+ },
307
+ "NotifyAccess": {
308
+ "signature": "NotifyAccess=none|main|exec|all",
309
+ "description": "Which processes can send sd_notify() messages. Required for Type=notify.",
91
310
  "type": "directive",
92
- "module": "systemd.timer"
311
+ "section": "[Service]"
93
312
  },
94
313
  "LimitNOFILE": {
95
- "signature": "LimitNOFILE=65536",
96
- "description": "Set the max number of open file descriptors for the process.",
314
+ "signature": "LimitNOFILE=[soft:]hard",
315
+ "description": "Maximum open file descriptors. Commonly set to 65535 for servers. Maps to ulimit -n.",
316
+ "type": "directive",
317
+ "section": "[Service]"
318
+ },
319
+ "LimitNPROC": {
320
+ "signature": "LimitNPROC=[soft:]hard",
321
+ "description": "Maximum number of processes for the user. Maps to ulimit -u.",
322
+ "type": "directive",
323
+ "section": "[Service]"
324
+ },
325
+ "LimitCORE": {
326
+ "signature": "LimitCORE=[soft:]hard",
327
+ "description": "Core dump file size. Set to infinity for debugging, 0 for production.",
328
+ "type": "directive",
329
+ "section": "[Service]"
330
+ },
331
+ "LimitMEMLOCK": {
332
+ "signature": "LimitMEMLOCK=[soft:]hard",
333
+ "description": "Maximum locked-in-memory size. Set to infinity for apps like Elasticsearch.",
334
+ "type": "directive",
335
+ "section": "[Service]"
336
+ },
337
+ "MemoryMax": {
338
+ "signature": "MemoryMax=bytes",
339
+ "description": "Hard cgroup memory limit. Service is OOM-killed if exceeded. Supports K, M, G, T suffixes.",
340
+ "type": "directive",
341
+ "section": "[Service]"
342
+ },
343
+ "MemoryHigh": {
344
+ "signature": "MemoryHigh=bytes",
345
+ "description": "Soft cgroup memory limit. Processes throttled (swapped) but not killed.",
346
+ "type": "directive",
347
+ "section": "[Service]"
348
+ },
349
+ "CPUQuota": {
350
+ "signature": "CPUQuota=percentage",
351
+ "description": "CPU time limit. 100% = 1 CPU core. 200% = 2 cores.",
352
+ "type": "directive",
353
+ "section": "[Service]"
354
+ },
355
+ "TasksMax": {
356
+ "signature": "TasksMax=number|infinity",
357
+ "description": "Maximum tasks (threads + processes). Default: 4915 (15% of kernel limit).",
358
+ "type": "directive",
359
+ "section": "[Service]"
360
+ },
361
+ "NoNewPrivileges": {
362
+ "signature": "NoNewPrivileges=yes|no",
363
+ "description": "Prevent privilege escalation via setuid/setgid binaries. Always enable for untrusted services.",
97
364
  "type": "directive",
98
- "module": "systemd.exec"
365
+ "section": "[Service]"
99
366
  },
100
367
  "ProtectSystem": {
101
- "signature": "ProtectSystem=strict|full|true",
102
- "description": "Mount /usr and /boot as read-only. strict also mounts /etc as read-only.",
368
+ "signature": "ProtectSystem=yes|full|strict",
369
+ "description": "Filesystem protection. yes: /usr,/boot readonly. full: + /etc readonly. strict: everything readonly (use ReadWritePaths= for exceptions).",
370
+ "type": "directive",
371
+ "section": "[Service]"
372
+ },
373
+ "ProtectHome": {
374
+ "signature": "ProtectHome=yes|read-only|tmpfs",
375
+ "description": "Protect home directories. yes: inaccessible. tmpfs: empty tmpfs mounted over /home.",
376
+ "type": "directive",
377
+ "section": "[Service]"
378
+ },
379
+ "PrivateTmp": {
380
+ "signature": "PrivateTmp=yes|no",
381
+ "description": "Private /tmp and /var/tmp. Prevents temp file race conditions between services.",
382
+ "type": "directive",
383
+ "section": "[Service]"
384
+ },
385
+ "PrivateDevices": {
386
+ "signature": "PrivateDevices=yes|no",
387
+ "description": "Private /dev without physical devices. Only pseudo-devices like /dev/null, /dev/zero.",
388
+ "type": "directive",
389
+ "section": "[Service]"
390
+ },
391
+ "ProtectKernelTunables": {
392
+ "signature": "ProtectKernelTunables=yes|no",
393
+ "description": "Make /proc/sys, /sys readonly. Prevents kernel parameter modification.",
394
+ "type": "directive",
395
+ "section": "[Service]"
396
+ },
397
+ "ProtectKernelModules": {
398
+ "signature": "ProtectKernelModules=yes|no",
399
+ "description": "Deny loading kernel modules.",
400
+ "type": "directive",
401
+ "section": "[Service]"
402
+ },
403
+ "ProtectKernelLogs": {
404
+ "signature": "ProtectKernelLogs=yes|no",
405
+ "description": "Deny access to kernel log ring buffer (/dev/kmsg).",
406
+ "type": "directive",
407
+ "section": "[Service]"
408
+ },
409
+ "ProtectControlGroups": {
410
+ "signature": "ProtectControlGroups=yes|no",
411
+ "description": "Make cgroup hierarchy readonly.",
412
+ "type": "directive",
413
+ "section": "[Service]"
414
+ },
415
+ "ProtectHostname": {
416
+ "signature": "ProtectHostname=yes|no",
417
+ "description": "Prevent changing system hostname.",
418
+ "type": "directive",
419
+ "section": "[Service]"
420
+ },
421
+ "ProtectClock": {
422
+ "signature": "ProtectClock=yes|no",
423
+ "description": "Prevent changing system clock.",
424
+ "type": "directive",
425
+ "section": "[Service]"
426
+ },
427
+ "ReadWritePaths": {
428
+ "signature": "ReadWritePaths=path [path ...]",
429
+ "description": "Whitelist writable paths when using ProtectSystem=strict.",
430
+ "type": "directive",
431
+ "section": "[Service]"
432
+ },
433
+ "ReadOnlyPaths": {
434
+ "signature": "ReadOnlyPaths=path [path ...]",
435
+ "description": "Make additional paths read-only.",
436
+ "type": "directive",
437
+ "section": "[Service]"
438
+ },
439
+ "InaccessiblePaths": {
440
+ "signature": "InaccessiblePaths=path [path ...]",
441
+ "description": "Make paths completely inaccessible.",
442
+ "type": "directive",
443
+ "section": "[Service]"
444
+ },
445
+ "CapabilityBoundingSet": {
446
+ "signature": "CapabilityBoundingSet=cap [cap ...]",
447
+ "description": "Restrict Linux capabilities. Empty = no capabilities. Common: CAP_NET_BIND_SERVICE (ports < 1024).",
448
+ "type": "directive",
449
+ "section": "[Service]"
450
+ },
451
+ "AmbientCapabilities": {
452
+ "signature": "AmbientCapabilities=cap [cap ...]",
453
+ "description": "Capabilities given to unprivileged processes. Allows binding port 80 without root.",
454
+ "type": "directive",
455
+ "section": "[Service]"
456
+ },
457
+ "SystemCallFilter": {
458
+ "signature": "SystemCallFilter=[@set|syscall] ...",
459
+ "description": "Restrict system calls. Sets: @system-service, @basic-io, @file-system, @network-io, @process, @signal.",
460
+ "type": "directive",
461
+ "section": "[Service]"
462
+ },
463
+ "SystemCallArchitectures": {
464
+ "signature": "SystemCallArchitectures=native|x86|x86-64|...",
465
+ "description": "Restrict syscall ABIs. 'native' = only the host architecture.",
466
+ "type": "directive",
467
+ "section": "[Service]"
468
+ },
469
+ "RestrictNamespaces": {
470
+ "signature": "RestrictNamespaces=yes|no|cgroup ipc net mnt pid user uts",
471
+ "description": "Restrict namespace creation. yes = deny all. Or specify allowed types.",
472
+ "type": "directive",
473
+ "section": "[Service]"
474
+ },
475
+ "RestrictAddressFamilies": {
476
+ "signature": "RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX ...",
477
+ "description": "Restrict socket address families. Limits network access by protocol.",
478
+ "type": "directive",
479
+ "section": "[Service]"
480
+ },
481
+ "MemoryDenyWriteExecute": {
482
+ "signature": "MemoryDenyWriteExecute=yes|no",
483
+ "description": "Deny memory mappings that are both writable and executable. Prevents JIT and code injection.",
484
+ "type": "directive",
485
+ "section": "[Service]"
486
+ },
487
+ "LockPersonality": {
488
+ "signature": "LockPersonality=yes|no",
489
+ "description": "Lock the execution personality (prevents changing ABI).",
490
+ "type": "directive",
491
+ "section": "[Service]"
492
+ },
493
+ "WantedBy": {
494
+ "signature": "WantedBy=target [target ...]",
495
+ "description": "Target that pulls this unit via 'systemctl enable'. multi-user.target = boot. timers.target = timer units.",
496
+ "type": "directive",
497
+ "section": "[Install]"
498
+ },
499
+ "RequiredBy": {
500
+ "signature": "RequiredBy=target [target ...]",
501
+ "description": "Hard requirement from target. Rarely used — prefer WantedBy.",
502
+ "type": "directive",
503
+ "section": "[Install]"
504
+ },
505
+ "Also": {
506
+ "signature": "Also=unit [unit ...]",
507
+ "description": "Additional units to enable/disable together with this unit.",
508
+ "type": "directive",
509
+ "section": "[Install]"
510
+ },
511
+ "OnCalendar": {
512
+ "signature": "OnCalendar=expression",
513
+ "description": "Calendar event expression. Format: DayOfWeek Year-Month-Day Hour:Min:Sec. Shortcuts: minutely, hourly, daily, weekly, monthly, yearly.",
514
+ "type": "directive",
515
+ "section": "[Timer]"
516
+ },
517
+ "OnBootSec": {
518
+ "signature": "OnBootSec=time",
519
+ "description": "Trigger timer this long after boot.",
520
+ "type": "directive",
521
+ "section": "[Timer]"
522
+ },
523
+ "OnUnitActiveSec": {
524
+ "signature": "OnUnitActiveSec=time",
525
+ "description": "Trigger this long after the associated unit was last activated. Creates repeating timer.",
526
+ "type": "directive",
527
+ "section": "[Timer]"
528
+ },
529
+ "OnUnitInactiveSec": {
530
+ "signature": "OnUnitInactiveSec=time",
531
+ "description": "Trigger this long after the associated unit was last deactivated.",
532
+ "type": "directive",
533
+ "section": "[Timer]"
534
+ },
535
+ "Persistent": {
536
+ "signature": "Persistent=yes|no",
537
+ "description": "If timer missed while system was off, trigger immediately on next boot.",
538
+ "type": "directive",
539
+ "section": "[Timer]"
540
+ },
541
+ "RandomizedDelaySec": {
542
+ "signature": "RandomizedDelaySec=time",
543
+ "description": "Add random delay to prevent multiple timers firing simultaneously (thundering herd).",
544
+ "type": "directive",
545
+ "section": "[Timer]"
546
+ },
547
+ "AccuracySec": {
548
+ "signature": "AccuracySec=time",
549
+ "description": "Timer accuracy. Lower = more precise, higher = more battery-friendly. Default: 1min.",
103
550
  "type": "directive",
104
- "module": "systemd.exec"
551
+ "section": "[Timer]"
552
+ },
553
+ "%n": {
554
+ "signature": "%n",
555
+ "description": "Full unit name (e.g., myapp@8080.service).",
556
+ "type": "specifier"
557
+ },
558
+ "%N": {
559
+ "signature": "%N",
560
+ "description": "Unescaped full unit name.",
561
+ "type": "specifier"
562
+ },
563
+ "%p": {
564
+ "signature": "%p",
565
+ "description": "Prefix name (before @ for template instances).",
566
+ "type": "specifier"
567
+ },
568
+ "%i": {
569
+ "signature": "%i",
570
+ "description": "Instance name (between @ and suffix). E.g., 8080 in myapp@8080.service.",
571
+ "type": "specifier"
572
+ },
573
+ "%I": {
574
+ "signature": "%I",
575
+ "description": "Unescaped instance name.",
576
+ "type": "specifier"
577
+ },
578
+ "%H": {
579
+ "signature": "%H",
580
+ "description": "Machine hostname.",
581
+ "type": "specifier"
582
+ },
583
+ "$MAINPID": {
584
+ "signature": "$MAINPID",
585
+ "description": "PID of the main process. Available in ExecReload=, ExecStop=.",
586
+ "type": "specifier"
105
587
  }
106
588
  }
107
589
  }