feat: initialize openfga with version 1.8.9

author: mekyt 2025-04-08 11:36:57 +0200
committer: mekyt 2025-04-08 11:36:57 +0200
commit: ca4b05931ebf857c167203df948ac31170bc8133 (patch)
tree: db061b4f059ba7e1aca587869a63c67dea8c3b0d /openfga.service
download: aur-ca4b05931ebf857c167203df948ac31170bc8133.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/openfga.service b/openfga.service
new file mode 100644
index 000000000000..31d361cd35f9
--- /dev/null
+++ b/openfga.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Relationship-based access control
+Documentation=https://github.com/openfga/openfga
+After=network.target
+
+[Service]
+User=openfga
+Group=openfga
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectHostname=true
+ProtectClock=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+NoNewPrivileges=true
+PrivateDevices=true
+DeviceAllow=/dev/syslog
+RestrictSUIDSGID=true
+ProtectKernelModules=true
+MemoryDenyWriteExecute=true
+RestrictNamespaces=true
+RestrictRealtime=true
+LockPersonality=true
+TimeoutStopSec=7s
+KillMode=mixed
+KillSignal=SIGTERM
+Restart=on-failure
+RestartPreventExitStatus=2
+ReadWritePaths=/etc/openfga/config.yaml
+ExecStartPre=-/usr/bin/openfga migrate
+ExecStart=/usr/bin/openfga run
+
+[Install]
+WantedBy=multi-user.target
author	mekyt	2025-04-08 11:36:57 +0200
committer	mekyt	2025-04-08 11:36:57 +0200
commit	ca4b05931ebf857c167203df948ac31170bc8133 (patch)
tree	db061b4f059ba7e1aca587869a63c67dea8c3b0d /openfga.service
download	aur-ca4b05931ebf857c167203df948ac31170bc8133.tar.gz