rustypaste-pretty/extra/systemd/rustypaste.service

32 lines
701 B
SYSTEMD
Raw Normal View History

[Unit]
Description=Rustypaste server
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
User=rustypaste
Group=rustypaste
ExecStart=/usr/bin/rustypaste
ReadWritePaths=/var/lib/rustypaste
ReadOnlyPaths=/etc/rustypaste
WorkingDirectory=/var/lib/rustypaste
Environment="CONFIG=/etc/rustypaste/config.toml"
EnvironmentFile=/etc/rustypaste/rustypaste.env
# Hardening options
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=strict
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateTmp=true
PrivateDevices=true
LockPersonality=true
[Install]
WantedBy=multi-user.target