dwelling-upload/init/systemd/dwelling-upload.service


# Unit metadata and start-up ordering for the dwelling-upload daemon.
[Unit]
Description=dwelling-upload
# Ordering only: network.target does not guarantee that any interface is configured.
After=network.target
# Runs the upload daemon as a transient, unprivileged user behind a Unix socket.
[Service]
Type=simple
Restart=on-failure
# DynamicUser= allocates a UID/GID for the lifetime of the unit. It does not
# change ownership of pre-existing paths, so /srv/upload must already be
# writable by that user. StateDirectory= is the systemd-managed alternative.
# NOTE(review): confirm how /srv/upload is provisioned.
DynamicUser=yes
# The daemon listens on a Unix socket inside the unit's RuntimeDirectory
# (/var/run is the legacy alias of /run). Who may connect is decided by the
# file modes of that directory and of the socket itself.
# NOTE(review): confirm the socket is reachable only by the intended front end.
# The meaning and units of -expiry, -storage and -file are defined by the
# daemon and are not stated in this file.
ExecStart=/usr/bin/dwelling-upload -listen /var/run/dwelling-upload/sock \
-dir /srv/upload -expiry 36 -storage 102400 -file 128
# Filesystem view inside the unit's mount namespace: everything is read-only
# and non-executable except the paths explicitly re-opened by ReadWritePaths=
# and ExecPaths=.
ReadOnlyPaths=/
# Set this to the directory where uploads are stored. Keep it in sync with the
# -dir argument in ExecStart=, otherwise the daemon's upload directory stays
# read-only.
ReadWritePaths=/srv/upload
# Also covers the upload directory, so uploaded files cannot be executed from
# inside this unit. Older systemd versions that do not know NoExecPaths= or
# ExecPaths= ignore them with a warning, which silently drops this protection.
NoExecPaths=/
# The daemon binary is the only path left executable under NoExecPaths=/.
# NOTE(review): a dynamically linked binary also needs its loader and shared
# libraries listed here (for example /usr/lib). Confirm this is a static build.
ExecPaths=/usr/bin/dwelling-upload
# Creates /run/dwelling-upload for the listening socket and removes it when
# the unit stops.
RuntimeDirectory=dwelling-upload
# Creates /var/log/dwelling-upload, owned by the service user.
LogsDirectory=dwelling-upload
# Use gen-salt.sh to generate salt! It will create / append to an override.conf.
# The empty assignment below is only a placeholder: the encrypted credential is
# expected to come from that drop-in, so no plaintext secret is kept in this
# file. NOTE(review): until the drop-in exists no credential is passed to the
# daemon. Confirm how the daemon behaves without one.
SetCredentialEncrypted=
# Sandboxing. Several of these settings are already implied by DynamicUser=yes
# (NoNewPrivileges=, PrivateTmp=, RestrictSUIDSGID=, ProtectSystem=strict).
# Stating them here keeps the policy explicit and reviewable.
#
# Empty values: no ambient capabilities and an empty bounding set, so the
# process can never hold any capability.
AmbientCapabilities=
CapabilityBoundingSet=
LockPersonality=true
# Refuses memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
# Together with ProtectProc=noaccess below: /proc exposes only the per-process
# subtree, and processes of other users are not accessible through it.
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=noaccess
ProtectSystem=strict
# NOTE(review): ExecStart= shows only a Unix-socket listener. If the daemon
# opens no IP sockets of its own, this could be narrowed to AF_UNIX. Confirm
# before changing.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
# Only the native ABI may issue system calls, so the filters cannot be
# bypassed through a secondary ABI.
SystemCallArchitectures=native
# System call deny-list. Each line starts with "~", and successive lines
# accumulate into one list. Every call outside these groups stays allowed.
# No SystemCallErrorNumber= is set, so a denied call terminates the process
# instead of returning an error.
# NOTE(review): an allow-list based on @system-service with these groups as
# exclusions would be tighter. Verify against the daemon before changing.
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@privileged
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@swap
# When enabled, the unit is pulled in by the normal multi-user boot target.
[Install]
WantedBy=multi-user.target