MK13/NoBullShit-cloud
1
0
Fork 0
Code Issues 10 Activity

#9 Add systemd user service

Browse Source 
Fix service file, because the hardening does not make that much sense as it is run as --user anyway
This commit is contained in:
MK13
2022-05-08 22:27:06 +02:00
parent 2435670c3f
commit 7ec613f0f4
1 changed files with 1 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tools/template-nbscloud.service
View File

@@ -1,30 +1,19 @@
[unit] [Unit]
Description=NoBullShit-cloud - A personal cloud without bullshit Description=NoBullShit-cloud - A personal cloud without bullshit
After=network-online.target After=network-online.target
Wants=network-online.target Wants=network-online.target
[Service] [Service]
Type=simple Type=simple
DynamicUser=true
# Values substituted from application.properties # Values substituted from application.properties
User=USER_R
Group=USER_R
ExecStart=java -jar DEPLOY_PATH_R/nbscloud.jar ExecStart=java -jar DEPLOY_PATH_R/nbscloud.jar
ReadWritePaths=BASE_DIR_R ReadWritePaths=BASE_DIR_R
# Hardening # Hardening
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
ProtectHome=true ProtectHome=true
ProtectSystem=full ProtectSystem=full
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateTmp=true PrivateTmp=true
LockPersonality=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target