# Example systemd configuration file for duckcloud. Copy into
#    /etc/systemd/system/, update the paths if necessary, then:
#
#    systemctl enable duckcloud
#    systemctl start duckcloud
#
# This assumes that the duckcloud binary is installed at /usr/bin/duckcloud,
# that a system user named duckcloud exists, and that the "DATAHOME" path set
# below via Environment= (passed to the binary as --dir) is an existing
# directory owned by that user.
#
# **NOTE:** This is an example service file that may change in the future. If you
# wish to use this please copy rather than symlink it.
#

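[Unit]
Description=The Duckcloud backup server
# network.target only guarantees that networking has been configured, not that
# addresses are up. That is enough for a server binding a wildcard address; if
# duckcloud binds a specific interface address, order after
# network-online.target instead (and add Wants=network-online.target).
After=network.target

[Service]
# Type=notify: systemd waits for the service to report READY=1 (sd_notify)
# before treating the unit as started; NotifyAccess=main only accepts that
# message from the main process. The binary must actually send it, or start-up
# will time out.
Type=notify
NotifyAccess=main
# Assumes duckcloud re-reads its configuration on SIGHUP -- confirm against the
# binary's documentation before relying on `systemctl reload`.
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
# Back off between restarts so a crash loop does not exhaust the start-rate
# limit within a few seconds.
RestartSec=5s

# Data directory handed to the binary as --dir (the binary itself is
# /usr/bin/duckcloud). It must exist and be owned by the duckcloud user.
# /var/lib/duckcloud with StateDirectory=duckcloud would be the conventional
# place for mutable state and is added to ReadWritePaths= automatically; if
# you move it, update the literal ReadWritePaths= below as well, since that
# setting does not expand ${DATAHOME}.
Environment="DATAHOME=/usr/share/duckcloud"

# Run unprivileged. The sandbox below assumes this user has no capabilities
# and owns nothing outside the data directory.
User=duckcloud

ExecStart=/usr/bin/duckcloud run --dir=${DATAHOME}
SyslogIdentifier=duckcloud



# ######################
# ## Security Sandbox ##
# ######################
#
# The settings below are enabled rather than just listed, because the service
# runs as an unprivileged user with a single writable directory. An older
# systemd logs a warning and ignores settings it does not know (ProtectProc=
# for example is comparatively recent), so check the effective profile with
#     systemd-analyze security duckcloud
# and watch the journal for SIGSYS or permission errors after the first start.

# Private /tmp, and no access to physical device nodes.
PrivateTmp=true
PrivateDevices=true

# Drop every capability. User= already runs without any; an empty bounding set
# also prevents file capabilities or setuid binaries from handing some back.
# If duckcloud must bind a port below 1024, add CAP_NET_BIND_SERVICE to both.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true

# Whole filesystem read-only except the data directory. Any other location
# duckcloud writes to (log files, backup targets) has to be listed in
# ReadWritePaths= too, otherwise writes fail with EROFS.
ProtectSystem=strict
ReadWritePaths=/usr/share/duckcloud
# sysctl settings, kernel modules, cgroups, the clock and the hostname are
# read-only for the service.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true

# /home is replaced by an empty tmpfs and the kernel log buffer is hidden.
# Relax ProtectHome= only if duckcloud has to read data from home directories.
ProtectHome=tmpfs
ProtectKernelLogs=true

# Only the service's own processes are visible in /proc.
ProtectProc=invisible
# ProcSubset=pid additionally hides /proc/meminfo, /proc/cpuinfo, /proc/sys and
# similar files; some runtimes read those at start-up, so test before enabling.
# ProcSubset=pid

# Network: the service needs the host network (PrivateNetwork=false is the
# default) and may talk to any address (IPAddressAllow=any without an
# IPAddressDeny= blocks nothing). The address-family restriction is the real
# limit here; add AF_NETLINK if duckcloud enumerates network interfaces.
PrivateNetwork=false
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
IPAddressAllow=any

# seccomp: native ABI only, plus the @system-service allow list. A blocked
# system call terminates the process with SIGSYS; if that happens, identify the
# call from the journal and widen the filter deliberately instead of dropping
# it.
SystemCallArchitectures=native
SystemCallFilter=@system-service
# Removing @resources from the allow list is stricter but blocks setrlimit and
# friends, which some language runtimes call at start-up (raising the open-file
# limit, for instance). Enable after testing with the actual binary.
# SystemCallFilter=~@privileged @resources @obsolete

# Misc restrictions: no setuid/setgid file creation, SysV IPC cleaned up on
# stop, no realtime scheduling, no new namespaces, fixed execution domain, and
# a private user namespace in which only the service user is mapped.
RestrictSUIDSGID=true
RemoveIPC=true
RestrictRealtime=true
RestrictNamespaces=true
LockPersonality=true
PrivateUsers=true

# Consider UMask=0077 so backup data written by the service is not group- or
# world-readable. Left off here because an existing deployment may rely on
# another account reading those files.
# UMask=0077

[Install]
WantedBy=multi-user.target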