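# cliVault systemd service unit.
# Runs /usr/local/bin/cliVault as an unprivileged account inside a sandbox;
# /etc/cliVault is the only path made writable.
#
# NOTE: systemd only recognises comments that sit on their own line. Text after
# a value (e.g. "Key=value # note") is parsed as part of the value, so every
# comment below is kept on a separate line.

[Unit]
Description=cliVault Service
# Ordering only: start after basic networking has been set up.
After=network.target

[Service]
Type=simple
# REPLACE all USERNAME with actual user
# Use a dedicated non-root account that is not shared with other services.
User=USERNAME
Group=USERNAME
WorkingDirectory=/etc/cliVault
ExecStart=/usr/local/bin/cliVault
Restart=on-failure
RestartSec=5s

# Security restrictions
PrivateTmp=true
# Mounts the whole file system hierarchy read-only for this service, apart from
# /dev, /proc, /sys and the paths listed in ReadWritePaths=.
ProtectSystem=strict
ProtectHome=true
# NOTE(review): presumably this directory holds the vault's data; confirm it is
# owned by the service account and not readable by other users (e.g. 0700).
ReadWritePaths=/etc/cliVault
# Blocks privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# Allow network access
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
# Empty assignment resets the capability bounding set to the empty set.
CapabilityBoundingSet=
# Allow binding to port 9898 without root
# NOTE(review): CAP_NET_BIND_SERVICE is only needed for ports below 1024, and
# the bounding set above is empty; confirm whether this line is needed at all.
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target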