strom/tcpasters
strom/tcpasters
1
1
Fork 0
Code Issues Pull requests Releases Activity Actions
tcpasters/contrib/systemd/tcp-expire.service
Thorsten Schubert 762bf9ed8e
All checks were successful
continuous-integration/drone/push Build is passing
Details
OCI compatible container configuration
2022-09-17 10:03:52 +02:00

29 lines
No EOL
679 B
Desktop File
Raw Permalink Blame History

# /etc/systemd/system/tcp-expire.service
# SPDX-License-Identifier: AGPL-3.0-or-later
# Copyright © 2022 Thorsten Schubert <tschubert@bafh.org>
[Service]
Type=oneshot
User=unsha
Group=http
ExecStart=/usr/local/bin/tcp-expire --destination=/srv/p
ReadWritePaths=/srv/p
ProtectSystem=strict
ProtectHome=tmpfs
BindReadOnlyPaths=/usr/local/bin
PrivateTmp=true
PrivateDevices=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
SystemCallArchitectures=native
NoNewPrivileges=true
RestrictRealtime=true
MemoryDenyWriteExecute=true
ProtectKernelLogs=true
LockPersonality=true
ProtectHostname=true
RemoveIPC=true
RestrictSUIDSGID=true
ProtectClock=true
Reference in a new issue View git blame Copy permalink