diff options
| author | Bret Comnes | 2024-02-20 12:36:28 -0800 |
|---|---|---|
| committer | Bret Comnes | 2024-02-20 15:01:52 -0800 |
| commit | 7dbb6f4247f254d1a8ed7ba6102db1f8f1a15a37 (patch) | |
| tree | b2436d5e75c4bc4092d7873a16ef05ad9579896e /systemd.service | |
| parent | e3f12ed5da92f206d3744693b857794f32d94e0d (diff) | |
| download | aur-7dbb6f4247f254d1a8ed7ba6102db1f8f1a15a37.tar.gz | |
upgpkg: homebridge-config-ui-x 4.55.1-6
Fix plugin installation issues and match upstream service file definition.
This removes a bunch of extra hardening that made installing plugins no install correctly.
You are free to harden this service as much as you want with service overrides.
Diffstat (limited to 'systemd.service')
| -rw-r--r-- | systemd.service | 44 |
1 files changed, 11 insertions, 33 deletions
diff --git a/systemd.service b/systemd.service index fbc436116079..1f3f1eb30129 100644 --- a/systemd.service +++ b/systemd.service @@ -4,43 +4,21 @@ Requires=network-online.target After=syslog.target network-online.target [Service] -Environment=HOMEBRIDGE_OPTS="-I -U /var/lib/homebridge" -Environment=UIX_STORAGE_PATH="/var/lib/homebridge" -ExecStart=/usr/bin/hb-service run $HOMEBRIDGE_OPTS +Type=simple User=homebridge Group=homebridge -Restart=always -RestartSec=5s +#PermissionsStartOnly=true WorkingDirectory=/var/lib/homebridge ReadWritePaths=/var/lib/homebridge -NoNewPrivileges=yes -UMask=0077 - -ProtectSystem=strict -ProtectHome=yes -PrivateUsers=yes -PrivateTmp=yes -PrivateDevices=yes -PrivateMounts=yes -ProtectHostname=yes -ProtectClock=yes -ProtectKernelTunables=yes -ProtectKernelModules=yes -ProtectKernelLogs=yes -ProtectControlGroups=yes -RestrictNamespaces=yes -#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 # causes status=1/FAILURE -LockPersonality=yes -#MemoryDenyWriteExecute=yes # causes issues with V8 -RestrictRealtime=yes -RestrictSUIDSGID=yes -RemoveIPC=yes -CapabilityBoundingSet= -AmbientCapabilities= - -SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources -SystemCallArchitectures=native +EnvironmentFile=/etc/default/homebridge +#ExecStartPre=-/bin/run-parts /etc/hb-service/homebridge/prestart.d +#ExecStartPre=-/usr/bin/hb-service before-start $HOMEBRIDGE_OPTS` +ExecStart=/usr/bin/hb-service run $HOMEBRIDGE_OPTS +Restart=always +RestartSec=3 +KillMode=process +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SYS_ADMIN +AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target |