1
0
dwelling-files/init/systemd/dwelling-files.service

40 lines
792 B
SYSTEMD
Raw Normal View History

2022-06-27 04:38:09 +04:00
[Unit]
Description=dwelling-files
After=network-online.target
[Service]
Type=simple
Restart=on-failure
2022-06-28 04:58:17 +04:00
DynamicUser=yes
2022-06-27 04:38:09 +04:00
ExecStart=/usr/bin/dwelling-files -conf /etc/dwelling/files.yaml
ReadOnlyPaths=/
NoExecPaths=/
ExecPaths=/usr/bin/dwelling-files
2022-06-27 04:38:09 +04:00
LogsDirectory=dwelling-files
RuntimeDirectory=dwelling-files
AmbientCapabilities=
CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target