ForwardXMPP/systemd/forwardxmpp.service

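[Unit]
Description=XMPP Message Forwarding Bot
## Pull in network-online.target and order this unit after it, so the bot is
## not started before the network is reported as up. Wants= is a weak
## dependency: the bot is still started if that target fails.
Wants=network-online.target
After=network-online.target

[Install]
## Enabling the unit hooks it into default.target, i.e. it starts at boot.
WantedBy=default.target

[Service]
## If you installed ForwardXMPP in a virtualenv, you will probably want to
## override ExecStart so the executable is the python inside your virtualenv.
## If you did not install ForwardXMPP system-wide, you can set
## Environment=PYTHONPATH=<directory of your source checkout>
## and the ExecStart in this unit should work.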
## Runs the forwardxmpp module with the system python3, reading its settings
## from /etc/forwardxmpp/config.ini.
ExecStart=/usr/bin/python3 -m forwardxmpp --config-file /etc/forwardxmpp/config.ini
## Generally the only privileged operation ForwardXMPP needs to do is read
## its configuration file (which has a password in it). If DynamicUser can't
## read it, you can turn that off and set a low-privileged static User.
## Because the file holds the account password, keep it unreadable to other
## local users (e.g. owned by root or the static service user, mode 0600 or
## 0640) instead of making it world-readable to suit DynamicUser. On systemd
## versions that support it, LoadCredential= is another way to hand a
## root-only file to a DynamicUser service; --config-file would then have to
## point at the credential path.
## systemd allocates a throwaway UID/GID for the service at start and releases
## it at stop, so the bot never runs as root or as a shared account.
DynamicUser=true
## Only the standard pseudo-devices (/dev/null, /dev/zero, /dev/random, ...)
## may be opened; no other device nodes.
DevicePolicy=closed
## Refuse memory mappings that are writable and executable at the same time.
## NOTE(review): a dependency that needs W+X memory (some JIT or FFI code
## does) will fail under this setting; test the bot before relaxing it.
MemoryDenyWriteExecute=true
## Private /dev containing only pseudo-devices; no physical devices.
PrivateDevices=true
## The bot has to reach its XMPP server, so the host network stays visible.
## (false is the default; it is spelled out here on purpose.)
PrivateNetwork=false
## Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=true
## Run in a separate user namespace, so other host users and groups are not
## mapped into the service's view.
PrivateUsers=true
## Control group hierarchy (/sys/fs/cgroup) is read-only.
ProtectControlGroups=true
## /home, /root and /run/user appear empty and inaccessible.
## NOTE: a virtualenv or source checkout kept under one of these paths is
## hidden from the service; install it elsewhere (e.g. under /opt) rather
## than weakening this setting.
ProtectHome=true
## No explicit kernel module loading or unloading.
ProtectKernelModules=true
## Kernel tunables under /proc/sys, /sys and similar are read-only.
ProtectKernelTunables=true
## The whole file system hierarchy is mounted read-only for the service,
## apart from /dev, /proc and /sys; with PrivateTmp above, the private /tmp
## and /var/tmp remain writable.
ProtectSystem=strict
## Allow-list of socket families: local sockets plus IPv4/IPv6 for the XMPP
## connection. NOTE(review): AF_NETLINK is presumably kept for resolver or
## interface lookups; confirm it is needed before removing it.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
## The service may not create or enter any kind of namespace.
RestrictNamespaces=true
## No realtime scheduling policies, which could be used to starve the host.
RestrictRealtime=true
## Empty value: the bounding set contains no capabilities at all.
CapabilityBoundingSet=
## The process and its children can never gain privileges through setuid,
## setgid or file capabilities.
NoNewPrivileges=true
## The SystemCallFilter in this unit is a deny-list (leading ~) of very
## privileged syscall groups; everything not listed stays allowed.
## This list could be tightened further if desired.
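## Deny-list (leading ~): the listed syscall groups are blocked, everything
## else stays allowed. @raw-io, @reboot and @swap are added to the original
## groups; a message-forwarding bot has no use for them.
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap
## Permit only the native ABI. On systems that support several ABIs (e.g.
## 32-bit syscalls on x86-64) this keeps the filter above from being
## sidestepped through an alternative ABI.
SystemCallArchitectures=native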