1
0
dwelling-radio/init/radio.service

60 lines
1.4 KiB
SYSTEMD
Raw Normal View History

2022-03-08 01:17:24 +04:00
[Unit]
Description=Arav's dwelling / Radio
Requires=icecast.service
After=network-online.target icecast.service
2022-03-08 01:17:24 +04:00
[Service]
Type=simple
Restart=on-failure
DynamicUser=yes
ExecStart=/usr/bin/dwelling-radio -listen /var/run/dwelling-radio/sock \
-ic-url http://radio.arav.home.arpa/status-json.xsl \
-ic-playlist /var/log/icecast/playlist.log \
-filelist /srv/radio/filelist.html \
-mls-file /srv/radio/mostlistenedsong \
-lst-len 10
ReadOnlyPaths=/
2022-03-09 23:13:04 +04:00
LogsDirectory=dwelling-radio
RuntimeDirectory=dwelling-radio
2022-03-09 23:13:04 +04:00
AmbientCapabilities=
CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProcSubset=pid
ProtectClock=true
2022-03-09 23:13:04 +04:00
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
2022-03-09 23:13:04 +04:00
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=noaccess
ProtectProc=true
2022-03-09 23:13:04 +04:00
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@privileged
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@swap
2022-03-08 01:17:24 +04:00
[Install]
WantedBy=multi-user.target