diff options
Diffstat (limited to 'healthchecks-clean-db.service')
-rw-r--r-- | healthchecks-clean-db.service | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/healthchecks-clean-db.service b/healthchecks-clean-db.service new file mode 100644 index 000000000000..6f7079685883 --- /dev/null +++ b/healthchecks-clean-db.service @@ -0,0 +1,36 @@ +[Unit] +Description=Clean healthchecks database +Documentation=https://github.com/healthchecks/healthchecks + +[Service] +Type=oneshot +ExecStart=/usr/lib/healthchecks/hc-clean-db +WorkingDirectory=/var/lib/healthchecks +User=healthchecks +Group=healthchecks + +NoNewPrivileges=yes +LimitNOFILE=1048576 +LimitNPROC=64 +UMask=0077 +ProtectSystem=strict +ProtectHome=yes +ReadWritePaths=/var/lib/healthchecks +PrivateTmp=yes +PrivateDevices=yes +ProtectHostname=yes +ProtectClock=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectKernelLogs=yes +ProtectControlGroups=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RemoveIPC=yes +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native |