diff options
author | Markus Richter | 2019-01-11 14:09:03 +0100 |
---|---|---|
committer | Markus Richter | 2019-01-11 14:09:03 +0100 |
commit | 5f2e8119dc74e93f8d88816d034d262079c0e541 (patch) | |
tree | ce094f2e1075a45f4279f8fd54abf5ee4b3c2c52 /bitwarden_rs.service | |
parent | 60f27b58114bf52c4f2c75be64a28f87ec6538e7 (diff) | |
download | aur-5f2e8119dc74e93f8d88816d034d262079c0e541.tar.gz |
fit to upstream, implement woraround for yubikey support not compiling on aarch64
Diffstat (limited to 'bitwarden_rs.service')
-rw-r--r-- | bitwarden_rs.service | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/bitwarden_rs.service b/bitwarden_rs.service index ff6e7a7a8061..458600a27ea6 100644 --- a/bitwarden_rs.service +++ b/bitwarden_rs.service @@ -4,18 +4,25 @@ Documentation=https://github.com/dani-garcia/bitwarden_rs After=network.target [Service] +# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group User=bitwarden_rs Group=bitwarden_rs +# The location of the .env file for configuration EnvironmentFile=/etc/bitwarden_rs.env +# The location of the compiled binary ExecStart=/usr/bin/bitwarden_rs +# Set reasonable connection and process limits LimitNOFILE=1048576 LimitNPROC=64 +# Isolate bitwarden_rs from the rest of the system PrivateTmp=true PrivateDevices=true ProtectHome=true ProtectSystem=strict +# Only allow writes to the following directory and set it to the working directory (user and password data are stored here) WorkingDirectory=/var/lib/bitwarden_rs ReadWriteDirectories=/var/lib/bitwarden_rs +# Allow bitwarden_rs to bind ports in the range of 0-1024 AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] |