jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-25 22:53:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
ansible-roles/roles/offen/templates/offen.service.j2
Daniel Berteaud b4b621e760 Update to 2023-03-17 16:00
2023-03-17 16:00:08 +01:00

39 lines
839 B
Django/Jinja
Raw Blame History

[Unit]
Description=Offen Fair Web Analytics
After=network.target postgresql.service mariadb.service
[Service]
Type=simple
EnvironmentFile={{ offen_root_dir }}/etc/offen.conf
User={{ offen_user }}
ExecStart={{ offen_root_dir }}/bin/offen
RuntimeDirectory=offen
Restart=always
RestartSec=5
Restart=always
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectClock=yes
RestrictRealtime=true
RestrictNamespaces=yes
ReadWritePaths=/run
PrivateTmp=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
SystemCallErrorNumber=EPERM
LockPersonality=yes
MemoryDenyWriteExecute=yes
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink