[Unit] Description=dwelling-upload After=network.target [Service] Type=simple Restart=on-failure User=dwupload Group=dwupload ExecStart=/usr/bin/dwelling-upload -listen /var/run/dwelling-upload/sock \ -dir /srv/upload -expiry 36 -storage 102400 -file 128 ReadOnlyPaths=/ # Set here path to directory where uploads are stored. ReadWritePaths=/srv/upload NoExecPaths=/ ExecPaths=/usr/bin/dwelling-upload RuntimeDirectory=dwelling-upload LogsDirectory=dwelling-upload # Use gen-salt.sh to generate salt! It will create / append to an override.conf. SetCredentialEncrypted= AmbientCapabilities= CapabilityBoundingSet= LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateDevices=true ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=strict RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictNamespaces=true RestrictRealtime=true RestrictSUIDSGID=true SystemCallArchitectures=native [Install] WantedBy=multi-user.target