website/deploy/systemd/conservancy-www-update.service

# Run the website update script (see also: conservancy-www-update.timer).

[Unit]
Description=Update Conservancy website checkout

[Service]
Type=oneshot
User=www-data
WorkingDirectory=/var/www/website
ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh

SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
CapabilityBoundingSet=
NoNewPrivileges=true

PrivateDevices=true
PrivateNetwork=false
PrivateTmp=true
PrivateUsers=false
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/www/website
Add conservancy-www-db.service to repository, document Systemd services 2023-11-24 10:01:34 +11:00			`# Run the website update script (see also: conservancy-www-update.timer).`

systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00			`[Unit]`
			`Description=Update Conservancy website checkout`

			`[Service]`
			`Type=oneshot`
Update "cleanup" and "update" services for Python 3 2023-09-14 18:14:22 +10:00			`User=www-data`
systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00			`WorkingDirectory=/var/www/website`
update path -- website/systemd is now website/deploy/systemd 2024-02-13 10:51:04 -05:00			`ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh`
systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00
			`SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete`
			`CapabilityBoundingSet=`
			`NoNewPrivileges=true`

			`PrivateDevices=true`
			`PrivateNetwork=false`
			`PrivateTmp=true`
			`PrivateUsers=false`
			`ProtectControlGroups=true`
			`ProtectHome=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=strict`
			`ReadWritePaths=/var/www/website`