website/systemd/conservancy-www-update.service

[Unit]
Description=Update Conservancy website checkout

[Service]
Type=oneshot
User=www
WorkingDirectory=/var/www/website
ExecStart=/var/www/website/systemd/conservancy-www-update.sh

SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
CapabilityBoundingSet=
NoNewPrivileges=true

PrivateDevices=true
PrivateNetwork=false
PrivateTmp=true
PrivateUsers=false
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/www/website
systemd: Replace cron infrastructure. 2019-11-23 18:20:09 -05:00			`[Unit]`
			`Description=Update Conservancy website checkout`

			`[Service]`
			`Type=oneshot`
			`User=www`
			`WorkingDirectory=/var/www/website`
			`ExecStart=/var/www/website/systemd/conservancy-www-update.sh`

			`SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete`
			`CapabilityBoundingSet=`
			`NoNewPrivileges=true`

			`PrivateDevices=true`
			`PrivateNetwork=false`
			`PrivateTmp=true`
			`PrivateUsers=false`
			`ProtectControlGroups=true`
			`ProtectHome=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=strict`
			`ReadWritePaths=/var/www/website`