~arx10/furemcape unlisted

ref: b05c375a7b3d33b4b8846ee3042f2a0348bb2771 furemcape/feeder/etc/feeder.service -rw-r--r-- 723 bytes
b05c375aJustin Ludwig simple openssl ca scripts for feeder tls 10 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[Unit]
Description=Furem Cape feeder component

[Service]
Type=simple
User=furemcape
Group=furemcape
EnvironmentFile=/usr/local/etc/default/furemcape
ExecStart=/usr/local/bin/furemcape-feeder
RuntimeDirectory=furemcape/feeder
WorkingDirectory=/run/furemcape/feeder
Restart=always

# HARDENING
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native

[Install]
WantedBy=default.target