2020-01-27 14:00:03 +00:00
|
|
|
[Unit]
|
|
|
|
|
Description=XMPP Messsage Forwarding Bot
|
|
|
|
|
Wants=network-online.target
|
|
|
|
|
After=network-online.target
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=default.target
|
|
|
|
|
|
|
|
|
|
[Service]
|
2020-01-27 15:13:15 +00:00
|
|
|
## If you installed ForwardXMPP in a virtualenv, you will probably want to
|
|
|
|
|
## override this line so the executable is the python inside your virtualenv.
|
|
|
|
|
## If you did not install ForwardXMPP system-wide, you can set
|
|
|
|
|
## Environment=PYTHONPATH=<directory of your source checkout>
|
|
|
|
|
## and this ExecStart should work.
|
2020-01-27 14:00:03 +00:00
|
|
|
ExecStart=/usr/bin/python3 -m forwardxmpp --config-file /etc/forwardxmpp/config.ini
|
|
|
|
|
|
2020-01-27 15:13:15 +00:00
|
|
|
## Generally the only privileged operation ForwardXMPP needs to do is read
|
|
|
|
|
## its configuration file (which has a password in it). If DynamicUser can't
|
|
|
|
|
## read it, you can turn that off and set a low-privileged static User.
|
2020-01-27 14:00:03 +00:00
|
|
|
DynamicUser=true
|
|
|
|
|
|
2020-01-27 15:05:03 +00:00
|
|
|
DevicePolicy=closed
|
|
|
|
|
MemoryDenyWriteExecute=true
|
2020-01-27 14:00:03 +00:00
|
|
|
PrivateDevices=true
|
|
|
|
|
PrivateNetwork=false
|
|
|
|
|
PrivateTmp=true
|
|
|
|
|
PrivateUsers=true
|
|
|
|
|
ProtectControlGroups=true
|
|
|
|
|
ProtectHome=true
|
|
|
|
|
ProtectKernelModules=true
|
|
|
|
|
ProtectKernelTunables=true
|
|
|
|
|
ProtectSystem=strict
|
2020-01-27 15:05:03 +00:00
|
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
|
|
|
RestrictNamespaces=true
|
|
|
|
|
RestrictRealtime=true
|
2020-01-27 14:00:03 +00:00
|
|
|
|
|
|
|
|
CapabilityBoundingSet=
|
|
|
|
|
NoNewPrivileges=true
|
|
|
|
|
|
2020-01-27 15:13:15 +00:00
|
|
|
## This is just a list of very privileged syscall groups.
|
|
|
|
|
## This list could be tightened further if desired.
|
2020-01-27 14:00:03 +00:00
|
|
|
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
|
