website/bin/deploy/systemd/conservancy-www-cleanup.service

# Remove old Django login sessions.

[Unit]
Description=Cleanup Conservancy website
Before=apache2.service

[Service]
Type=oneshot
User=www-data
ExecStart=/usr/bin/python3 /var/www/website/www/manage.py clearsessions --verbosity 0

SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
CapabilityBoundingSet=
NoNewPrivileges=true

PrivateDevices=true
PrivateNetwork=true
PrivateTmp=true
PrivateUsers=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/lib/www/database

[Install]
WantedBy=apache2.service
Add conservancy-www-db.service to repository, document Systemd services 2023-11-24 10:01:34 +11:00			`# Remove old Django login sessions.`

systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00			`[Unit]`
			`Description=Cleanup Conservancy website`
			`Before=apache2.service`

			`[Service]`
			`Type=oneshot`
Update "cleanup" and "update" services for Python 3 2023-09-14 18:14:22 +10:00			`User=www-data`
			`ExecStart=/usr/bin/python3 /var/www/website/www/manage.py clearsessions --verbosity 0`
systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00
			`SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete`
			`CapabilityBoundingSet=`
			`NoNewPrivileges=true`

			`PrivateDevices=true`
			`PrivateNetwork=true`
			`PrivateTmp=true`
			`PrivateUsers=true`
			`ProtectControlGroups=true`
			`ProtectHome=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=strict`
			`ReadWritePaths=/var/lib/www/database`

			`[Install]`
			`WantedBy=apache2.service`