chore(systemd): add systemd service files (#22)
Add systemd files to serve files from /var/lib/rustypaste, automatic user creation via systemd-sysusers and AUTH_TOKEN configuration via rustypaste.env in /etc/rustypaste/rustypaste.env. implements #16
This commit is contained in:
parent
8ed0b7bbf1
commit
8679ff91dc
|
@ -0,0 +1,2 @@
|
||||||
|
# To enable basic HTTP auth, set the AUTH_TOKEN
|
||||||
|
AUTH_TOKEN=""
|
|
@ -0,0 +1,31 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Rustypaste server
|
||||||
|
After=network-online.target
|
||||||
|
Wants=network-online.target systemd-networkd-wait-online.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=rustypaste
|
||||||
|
Group=rustypaste
|
||||||
|
ExecStart=/usr/bin/rustypaste
|
||||||
|
ReadWritePaths=/var/lib/rustypaste
|
||||||
|
ReadOnlyPaths=/etc/rustypaste
|
||||||
|
|
||||||
|
WorkingDirectory=/var/lib/rustypaste
|
||||||
|
Environment="CONFIG=/etc/rustypaste/config.toml"
|
||||||
|
EnvironmentFile=/etc/rustypaste/rustypaste.env
|
||||||
|
|
||||||
|
# Hardening options
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
AmbientCapabilities=
|
||||||
|
NoNewPrivileges=true
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
LockPersonality=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1 @@
|
||||||
|
u rustypaste - "Minimal file upload/pastebin service" /var/lib/rustypaste
|
|
@ -0,0 +1 @@
|
||||||
|
d /var/lib/rustypaste 0750 rustypaste rustypaste
|
Loading…
Reference in New Issue