Diffstat (limited to 'gotify-server.service')
-rw-r--r--gotify-server.service28
1 files changed, 28 insertions, 0 deletions
diff --git a/gotify-server.service b/gotify-server.service
index 4e87bab05dc1..eaafa54f9ca1 100644
--- a/gotify-server.service
+++ b/gotify-server.service
@@ -7,6 +7,34 @@ Type=simple
User=gotify
Group=gotify
ExecStart=/usr/bin/gotify-server
+WorkingDirectory=~
+ReadOnlyPaths=/etc/gotify/config.yml
+ReadWritePaths=/var/lib/gotify
+UMask=0077
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
[Install]
WantedBy=multi-user.target
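Review bot: `WorkingDirectory=~` resolves to the gotify account's home directory, but `ProtectHome=true` makes /home, /root and /run/user inaccessible and `ReadWritePaths=` opens only /var/lib/gotify, so the unit works only if that home is /var/lib/gotify (the account definition and the start of the [Service] section are outside this hunk). Writing `WorkingDirectory=/var/lib/gotify` removes that hidden dependency. `ReadOnlyPaths=/etc/gotify/config.yml` appears redundant under `ProtectSystem=strict`, and without a leading `-` the service fails at namespace setup when the file is absent; `ReadOnlyPaths=-/etc/gotify/config.yml`, or dropping the line, avoids that. `RestrictAddressFamilies=AF_INET AF_INET6` also denies AF_UNIX, which would presumably break a database reached over a local socket, so a comment line such as `# AF_UNIX intentionally excluded: TCP listeners and TCP database connections only` would record that the restriction is deliberate.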