mirror of
https://github.com/telemt/telemt.git
synced 2026-04-15 09:34:10 +03:00
systemd contrib, add sysuser & tmpfiles configs, fix service
This commit is contained in:
Дмитрий Марков
3
contrib/systemd/system-user-telemt.conf
Normal file
3
contrib/systemd/system-user-telemt.conf
Normal file
@@ -0,0 +1,3 @@
|
||||
u telemt - "telemt user" /var/lib/telemt -
|
||||
g telemt - -
|
||||
m telemt telemt
|
||||
29
contrib/systemd/telemt.service
Normal file
29
contrib/systemd/telemt.service
Normal file
@@ -0,0 +1,29 @@
|
||||
[Unit]
|
||||
Description=Telemt
|
||||
Wants=network-online.target
|
||||
After=multi-user.target network.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=telemt
|
||||
Group=telemt
|
||||
WorkingDirectory=/var/lib/telemt
|
||||
ExecStart=/bin/telemt /etc/telemt/telemt.toml
|
||||
Restart=on-failure
|
||||
RestartSec=10
|
||||
LimitNOFILE=65536
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectSystem=strict
|
||||
ProtectHome=read-only
|
||||
SystemCallFilter=~@mount
|
||||
ReadWritePaths=/var/lib/telemt
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
1
contrib/systemd/tmpfiles-telemt.conf
Normal file
1
contrib/systemd/tmpfiles-telemt.conf
Normal file
@@ -0,0 +1 @@
|
||||
d /var/lib/telemt 700 telemt telemt
|
||||
Reference in New Issue
Block a user