~emersion/tlstunnel

df92b86604757acf46dd472016b3e20a6d99be60 — Simon Ser a month ago abe9177
contrib/systemd: add template files
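--- a/contrib/systemd/tlstunnel.service
+++ b/contrib/systemd/tlstunnel.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=tlstunnel reverse proxy
+Documentation=https://sr.ht/~emersion/tlstunnel
+After=network.target
+
+[Service]
+User=tlstunnel
+ExecStart=/usr/bin/tlstunnel
+ExecReload=kill -HUP $MAINPID
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+
+# Hardening options
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/tlstunnel
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target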
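Review bot: The hardening block ends at `LockPersonality=true` without restricting socket families, system calls or namespaces, which are the controls that most limit what a compromised internet-facing TLS terminator can do. I would add `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX`, `SystemCallFilter=@system-service` and `RestrictNamespaces=true` after it. AF_UNIX is included on the assumption that unix-socket listeners or backends are supported, which this commit does not show, so the set should be tested against a real configuration. Running `systemd-analyze security tlstunnel.service` will list the remaining exposure. Separately, `ExecReload=kill -HUP $MAINPID` relies on systemd resolving a bare command name, which older releases reject, so an absolute path to kill would be more portable for a template file.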

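--- a/contrib/systemd/tlstunnel.sysusers
+++ b/contrib/systemd/tlstunnel.sysusers
@@ -0,0 +1,1 @@
+u tlstunnel - "tlstunnel user" /var/lib/tlstunnel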

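--- a/contrib/systemd/tlstunnel.tmpfiles
+++ b/contrib/systemd/tlstunnel.tmpfiles
@@ -0,0 +1,1 @@
+d /var/lib/tlstunnel 0750 tlstunnel tlstunnel -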
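Review bot: Mode `0750` leaves the state directory listable and traversable by every member of the `tlstunnel` group. If this directory holds certificate private keys and ACME account data, which is likely for a TLS terminator but not visible in this commit, owner-only access is the safer default: `d /var/lib/tlstunnel 0700 tlstunnel tlstunnel -`. Alternatively, `StateDirectory=tlstunnel` with `StateDirectoryMode=0700` in the service unit would have systemd create and own the directory, keeping the path and its permissions in one place.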