fix: systemd configuration (#1097)

1. Tune some security directives.
2. Fix the flags file that mistakenly configured dragonfly to store its dump files into /run (tmpfs).

Signed-off-by: Roman Gershman <roman@dragonflydb.io>

tools/packaging/debian/dragonfly.conf

@@ -1,4 +1,4 @@
 --pidfile=/var/run/dragonfly/dragonfly.pid
 --log_dir=/var/log/dragonfly
---dir=/var/run/dragonfly
+--dir=/var/lib/dragonfly
 --version_check=true

tools/packaging/debian/dragonfly.service

@@ -5,9 +5,10 @@ Documentation=
 
 [Service]
 Type=simple
+EnvironmentFile=-/etc/dragonfly/environment
 ExecStart=/usr/bin/dragonfly --flagfile=/etc/dragonfly/dragonfly.conf
 PIDFile=/var/run/dragonfly/dragonfly.pid
-TimeoutStopSec=0
+TimeoutStopSec=infinity
 Restart=always
 User=dfly
 Group=dfly
@@ -16,10 +17,11 @@ RuntimeDirectoryMode=2755
 
 UMask=007
 PrivateTmp=yes
-LimitNOFILE=65535
+LimitNOFILE=262144
 PrivateDevices=yes
 ProtectHome=yes
-ReadOnlyDirectories=/
+ProtectSystem=full
+
 ReadWritePaths=-/var/lib/dragonfly
 ReadWritePaths=-/var/log/dragonfly
 ReadWritePaths=-/var/run/dragonfly
@@ -34,8 +36,7 @@ RestrictRealtime=true
 RestrictNamespaces=true
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 
-ProtectSystem=true
+
-ReadWriteDirectories=-/etc/dragonfly
 
 [Install]
 WantedBy=multi-user.target