Title: systemd101 
Subject: A few useful systemd commands
#---------------------------
systemd has its fingers in: 
 system init,
 service manager,
 logger,
 authenticaton,
 device managment,
 network managem
 ... and it will probably grow ...

"units" are the target of actions
units are catagroized by type of resource 
resources are labeld with a suffix (e.g. *.service)

# Default resource location:
/lib/systemd/system/*.service

# Overridden resource location :
/etc/systemd/system/*.service


#-------------------------------
# systemctl options:
 enable     <service>
 disable    <service>
 reload     <service>
 restart    <service>
 reload-or-restart <service>
 status     <service>
 is-active  <service>
 is-enabled <service>
 is-failed  <service>

#-------------------------------
# journalctl options:
 -f               # follow
 -r               # newest logs first
 -p [priority]    # debug, info, notice, warning, err, crit, alert, and emerg
 -u <unit>        # ntp
 -o <output_fort> # cat, short, short-iso, short-precise, short-monotonic, verbose, export, json, jsonpretty, json-see
 --since "1 hour ago"
 --since "2015-06-26 23:15:00" 
 --until "2015-06-26 23:20:00"

#-------------------------------
# Show blocking tree of daemons
# systemd-analyze options:
 critical-chain
 systemd-analyze plot > something.svg
 systemd-analyze dot | dot -Tpng -o stuff.png

#-------------------------------

systemctl list-units --type=service 
systemctl list-unit-files 

systemctl status /home
systemctl status -t help
systemctl status
systemctl show docker

systemctl list-dependencies 
systemctl list-jobs
systemctl list-machines
systemctl list-sockets
systemctl list-units

systemctl --state=failed


systemctl cat fwupd-refresh.service

systemctl try-restart fwupd-refresh.service

========================
systemctl poweroff
systemctl reboot

=======================
# runs a System V init script or systemd unit
# NOTE: systemd units take precidence if repeats
#       but not everything is a systemd service 
service --status-all

#=======================
# Runlevels
#--------------
# Boot to specific run level
systemctl isolate < Target Level>

# Show default runlevel
systemctl get_default

# Set default runlevel
systemctl set_default < Target Level >

# Show current runlevel
who -r 

 run-level 5  2020-07-15 21:04
 
#=======================
# Schedule a job (like cron)
#--------------
systemctl list-timers --all 

##------------------------------------------
# create area for user jobs
##------------------------------------------
mkdir -p ~/.config/systemd/user

##------------------------------------------
# Create service in ~/.config/systemd/user
# NOTE:  Can use variables in ExecStart
##------------------------------------------
cat > ~/.config/systemd/user/hello-world.service<<'EOF'
[Unit]
Description=A job to greet the world

[Service]
Type=simple
ExecStart=/home/demouser/.local/bin/hello-world.sh

[Install]
WantedBy=default.target
EOF
##------------------------------------------
# Create timer in ~/.config/systemd/user/
##------------------------------------------
 cat > ~/.config/systemd/user/hello-world.timer <<'EOF_TIMER'
[Unit]
Description=Schedule a greeting every 10 minutes
RefuseManualStart=no        # Allow manual starts
RefuseManualStop=no         # Allow manual stops

[Timer]
# Execute job if it missed a run due to machine being off
Persistent=true
# Run 120 seconds after boot for the first time
OnBootSec=120

# Run every 1 minute thereafter
OnUnitActiveSec=600
# # run on the minute of every minute every hour of every day
# OnCalender=*-*-* *:*:00
# # run on the hour of every hour of every day
# OnCalender=*-*-* *:00:00
# # run every day
# OnCalender=*-*-* 00:00:00
# # run 11:12:13 of the first or fifth day of any month of the year 2012, but only if that day is a Thursday or Friday
# OnCalender=Thu,Fri 2012-*-1,5 11:12:13

# File describing job to execute
Unit=hello-world.service

[Install]
WantedBy=timers.target
EOF_TIMER

##------------------------------------------
# enable to service
##------------------------------------------
systemctl --user enable hello-world.service

##------------------------------------------
# test run of the job:
##------------------------------------------
systemctl --user start hello-world.service

##------------------------------------------
# Actually schedule it!
##------------------------------------------
systemctl --user enable hello-world.timer

##------------------------------------------
# Check/monitor the service:
##------------------------------------------
systemctl --user status hello-world
systemctl --user list-unit-files

##------------------------------------------
# View the logs:
##------------------------------------------
journalctl --user --unit hello-world.service
journalctl --user --unit hello-world.timer

##------------------------------------------
# only log messages for the current boot:
##------------------------------------------
$ journalctl --user --unit hello-world.service --boot
$ journalctl --user --unit hello-world.timer --boot

##------------------------------------------
# manually run 
##------------------------------------------
systemctl --user start hello-world.service

##------------------------------------------
# manually stop it
##------------------------------------------
systemctl --user stop hello-world.service

##------------------------------------------
# Permanently stopping/disabling the timer and service:
##------------------------------------------
 systemctl --user stop hello-world.timer
 systemctl --user disable hello-world.timer
 systemctl --user stop hello-world.service
 systemctl --user disable hello-world.service
 systemctl --user daemon-reload
 systemctl --user reset-failed


##------------------------------------------
#  Use the cgroup network accoutning
##------------------------------------------
sudo systemd-run -t --wait -p IPAccounting=1 /bin/bash

    [sudo] password for demouser: 
    Running as unit: run-u1144.service
    Press ^] three times within 1s to disconnect TTY.

ping -c 5 127.0.0.1

    --- 127.0.0.1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4084ms
    rtt min/avg/max/mdev = 0.090/0.108/0.139/0.017 ms

exit

    exit
    Finished with result: success
    Main processes terminated with: code=exited/status=0
    Service runtime: 1min 56.758s
    IP traffic received: 0B
    IP traffic sent: 0B

#-----------------------------------------------
# This didn't work for me, 
# but it is supposed to block the ping
# just within this bash shell
#-----------------------------------------------
sudo systemd-run -t -p IPAddressDeny=127.0.0.0/8 /bin/bash

ping 127.0.0.1

Supposed to output:
  ping: sending: Operation not permitted

#-----------------------------------------------