Initial commit

author: Simon Ser 2020-12-23 10:04:26 +0100
committer: Simon Ser 2020-12-23 10:09:26 +0100
commit: 127f071bc3133c546db7fa76110555740fd7d47c (patch)
tree: 3807eec70a1a3cbe38cf5925ff8ad736bdbc9d7c /kimchi.service
download: aur-127f071bc3133c546db7fa76110555740fd7d47c.tar.gz
1 files changed, 27 insertions, 0 deletions
diff --git a/kimchi.service b/kimchi.service
new file mode 100644
index 000000000000..7dc25f5ae8a6
--- /dev/null
+++ b/kimchi.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=kimchi web server
+Documentation=https://sr.ht/~emersion/kimchi
+After=network.target
+
+[Service]
+User=http
+Group=http
+ExecStart=/usr/bin/kimchi
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+
+# Hardening options
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=strict
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target
author	Simon Ser	2020-12-23 10:04:26 +0100
committer	Simon Ser	2020-12-23 10:09:26 +0100
commit	127f071bc3133c546db7fa76110555740fd7d47c (patch)
tree	3807eec70a1a3cbe38cf5925ff8ad736bdbc9d7c /kimchi.service
download	aur-127f071bc3133c546db7fa76110555740fd7d47c.tar.gz