SystemD

Systemctl

enable/disable [--now] unit
start/stop/restart/reload unit
daemon-reload
help unit
status [unit]
list-units [--type=target]
--failed
is-enabled unit # check if a unit is enabled
list-timers --all 
mask/umask  # make it [im]possible to start

Unit

# location for system wide units
/usr/lib/systemd/system/
/et/systemd/system/
# location for user units
/usr/lib/systemd/user/
~/.local/share/systemd/user/
/etc/systemd/user/
~/.config/systemd/user/

# view unit
systemctl cat unit

# replacement unit file
systemctl edit --full unit 

# create a drop in
systemctl edit unit
# alternatively
vi /etc/systemd/system/unit.d/override.conf
vi /etc/systemd/system/user@.service.d/local.conf
# example - need to clear ExecStart first
[Service]
ExecStart=
ExecStart=new command
# revert
systemctl revert unit

## variables
%i  # instance
%h  # home dictory
%n  # unit name, %N  reverse escapes
%p  # unit prefix
%u  # user name
%U  # UID
%H  # hostname

## types of units
service # actual service
socket  # listen to a socket
target  # a group of units

WantedBy

# Wants is in Unit section; less strict than Requires=
[Unit]
Wants=

# WantedBy is in Install section
# multi-user.target is headless start
# graphical.target is GUI start
# user.target is for user only
# separate from enable/disable state
# if WantedBy is not set, enable/disable will do nothing
[Install]
WantedBy=multi-user.target

Tips

# running after network is up
Wants=network-online.target
After=network-online.target

Journald

journalctl -b -1 # from previous boot
journalctl -x # include explanations of log message
journalctl /usr/lib/systemd/systemd # follow a specific executable
journalctl _PID=1 # by a specific process
journalctl -u sshd # by a specific unit
journalctl -t identifier # by identifier
journalctl -p err..alert # only error, critical and alert priority
journalctl -p 3 # all higher priority log levels (0-3)

journalctl -p 3 -xb # priority 3 or higher, include explanations and current boot

# limit size; default 10% capped at 4GiB
/etc/systemd/journald.conf
    SystemMaxUse=50M
# alternative
/etc/systemd/journald.conf.d/00-journal-size.conf
    [Journal]
    SystemMaxUse=50M

Log to Journal

systemd-cat -t name command
# to query log
journalctl -t name

Polkit

# check action
pkaction | grep systemd1

# global nopasswd
/etc/polkit-1/rules.d/49-nopasswd_global.rules
/* Allow members of the wheel group to execute any actions
 * without password authentication, similar to "sudo NOPASSWD:"
 */
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

# specific actions
/etc/polkit-1/rules.d/vncserver-auth.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
    RegExp('vncserver@:[A-Za-z0-9_-]+.service').test(action.lookup("unit")) === true &&
    subject.user == "foo1") {
    return polkit.Result.YES;
    }
});

/etc/polkit-1/rules.d/udisk-mount-auth.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount"
        && subject.isInGroup("wheel"))
    {
        return polkit.Result.YES;
    }
});