diff options
author | Liao Junxuan | 2023-12-12 20:01:45 +0800 |
---|---|---|
committer | Liao Junxuan | 2023-12-12 20:03:16 +0800 |
commit | a3105b3954ccdce07e43083515408d1ee9ab32fd (patch) | |
tree | bd5ef9e9e9dc3928acc021ba18f7b71be3df0b53 /chatbot-ui.service | |
download | aur-a3105b3954ccdce07e43083515408d1ee9ab32fd.tar.gz |
add chatbot-ui-git
Diffstat (limited to 'chatbot-ui.service')
-rw-r--r-- | chatbot-ui.service | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/chatbot-ui.service b/chatbot-ui.service new file mode 100644 index 000000000000..5c0354db1107 --- /dev/null +++ b/chatbot-ui.service @@ -0,0 +1,45 @@ +[Unit] +Description=An open source ChatGPT UI +After=network.target + +[Service] +Type=exec + +Environment=NODE_ENV=production + +User=chatbot-ui +Group=chatbot-ui + +WorkingDirectory=/usr/share/webapps/chatbot-ui-git +ExecStart=/usr/bin/node node_modules/.bin/next start + +CapabilityBoundingSet= +NoNewPrivileges=true +PrivateDevices=true +RemoveIPC=true +LockPersonality=true + +ProtectControlGroups=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectClock=true +ProtectHostname=true +ProtectProc=noaccess + +RestrictRealtime=true +RestrictSUIDSGID=true +RestrictNamespaces=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + +ProtectSystem=strict +ProtectHome=true +PrivateTmp=true +# ReadWritePaths=/var/lib/hedgedoc /run/hedgedoc + +SystemCallArchitectures=native +SystemCallFilter=@system-service @pkey + +[Install] +WantedBy=multi-user.target + |