Blame - tools/dnc/systemd/dnc.service.in - dhtnet

blob: dedcea4a587810953c46fe5eb14d0c524f11cba0 [file] [log] [blame]

Amna	f38fa10	2024-02-01 16:39:30 -0500	[diff] [blame^]	1	[Unit]
				2	Description=Dnc server
				3	Documentation=man:dnc(1)
				4	After=network.target
				5
				6	[Service]
				7	Type=simple
				8	User=dnc
				9	Group=dnc
				10	ExecStart=@bindir@/dnc -l -d @sysconfdir@/dhtnet/dnc.yaml -c @sysconfdir@/dhtnet/id/id-server.crt -p @sysconfdir@/dhtnet/id/id-server.pem
				11	Restart=on-failure
				12	RestartSec=2s
				13	LimitNOFILE=65536
				14	DynamicUser=yes
				15	KillMode=process
				16	WorkingDirectory=/tmp
				17
				18	# Hardening
				19	CapabilityBoundingSet=CAP_NET_BIND_SERVICE
				20	LockPersonality=yes
				21	NoNewPrivileges=yes
				22	PrivateDevices=yes
				23	PrivateTmp=yes
				24	PrivateUsers=yes
				25	ProtectClock=yes
				26	ProtectControlGroups=yes
				27	ProtectHome=yes
				28	ProtectHostname=yes
				29	ProtectKernelLogs=yes
				30	ProtectKernelModules=yes
				31	ProtectKernelTunables=yes
				32	ProtectSystem=strict
				33	ReadOnlyDirectories=/
				34	ReadWriteDirectories=-/proc/self
				35	ReadWriteDirectories=-/var/run
				36	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
				37	RestrictNamespaces=yes
				38	RestrictRealtime=yes
				39	SystemCallArchitectures=native
				40	SystemCallFilter=@system-service
				41
				42	[Install]
				43	WantedBy=multi-user.target