msfjarvis/server-config
1
Fork 0
mirror of https://github.com/msfjarvis/server-config synced 2025-08-14 08:17:01 +05:30
Code Issues Projects Releases Packages Wiki Activity Actions

Setup security rules for release watcher service

Browse source 
Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>
This commit is contained in:
Harsh Shandilya 2019-07-31 19:34:39 +05:30
parent ac002ae0cf
commit 07ac48d367
No known key found for this signature in database
GPG key ID: C2E74282C2133D62
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
androidx-release-watcher.service
View file

@ -6,5 +6,17 @@ Wants=release-watcher-recent.timer
WorkingDirectory=/home/bot/androidx-release-watcher
ExecStart=/home/bot/androidx-release-watcher/venv/bin/python telegram_notifier.py
; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=false
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
[Install]
WantedBy=multi-user.target