systemd: decomission everythang
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
This commit is contained in:
parent
f81856d952
commit
140aba4e23
|
@ -1,39 +0,0 @@
|
|||
[Unit]
|
||||
Description=Caddy HTTP/2 web server
|
||||
Documentation=https://caddyserver.com/docs
|
||||
After=network-online.target
|
||||
Wants=network-online.target systemd-networkd-wait-online.service
|
||||
|
||||
[Service]
|
||||
Restart=on-abnormal
|
||||
User=caddy
|
||||
Group=caddy
|
||||
Environment=CADDYPATH=/etc/ssl/caddy
|
||||
EnvironmentFile=/etc/caddy/env
|
||||
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -email me@msfjarvis.dev -conf=/etc/caddy/Caddyfile
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
KillMode=mixed
|
||||
KillSignal=SIGQUIT
|
||||
TimeoutStopSec=5s
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=512
|
||||
ReadWriteDirectories=/etc/ssl/caddy /etc/logs
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
# Security
|
||||
PrivateTmp=true
|
||||
ProtectSystem=full
|
||||
ProtectHome=true
|
||||
NoNewPrivileges=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
PrivateDevices=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,35 +0,0 @@
|
|||
[Unit]
|
||||
Description=Pyrobud Telegram selfbot
|
||||
After=multi-user.target
|
||||
|
||||
[Service]
|
||||
# Base settings
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
# Execution parameters
|
||||
User=pyrobud
|
||||
Group=pyrobud
|
||||
WorkingDirectory=/home/pyrobud/pyrobud
|
||||
ExecStart=/home/pyrobud/pyrobud/venv/bin/python -O /home/pyrobud/pyrobud/main.py
|
||||
|
||||
# Limit damage in case something goes awry
|
||||
MemoryLimit=256M
|
||||
CPUQuota=200%
|
||||
|
||||
# Security
|
||||
PrivateTmp=true
|
||||
ProtectSystem=full
|
||||
NoNewPrivileges=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
PrivateDevices=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -8,7 +8,7 @@ function prettyPrint() {
|
|||
}
|
||||
|
||||
# Grab all service names
|
||||
declare -a services=('caddy' 'mirror-bot' 'mirror-bot-2' 'uno-bot' 'pyrobud' 'walls-bot' 'walls-bot-rs')
|
||||
declare -a services=('mirror-bot' 'mirror-bot-2' 'uno-bot')
|
||||
|
||||
# Now loop through each service and install it
|
||||
for service in "${services[@]}"; do
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
[Unit]
|
||||
Description=walls-bot-rs service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Restart=on-abort
|
||||
Type=simple
|
||||
User=bot
|
||||
WorkingDirectory=/home/bot/walls-bot-rs
|
||||
ExecStartPre=/usr/bin/git pull origin develop
|
||||
ExecStart=/home/bot/.cargo/bin/cargo run --release
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
KillMode=mixed
|
||||
KillSignal=SIGQUIT
|
||||
TimeoutStopSec=5s
|
||||
|
||||
# Security
|
||||
PrivateTmp=true
|
||||
ProtectSystem=full
|
||||
NoNewPrivileges=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
PrivateDevices=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,31 +0,0 @@
|
|||
[Unit]
|
||||
Description=Desktop walls bot service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Restart=on-abort
|
||||
Type=simple
|
||||
User=bot
|
||||
WorkingDirectory=/home/bot/walls-bot
|
||||
ExecStartPre=/home/bot/walls-bot/gradlew --no-daemon build
|
||||
ExecStart=/usr/bin/java -jar /home/bot/walls-bot/build/libs/wallsbot-0.1-all.jar
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
KillMode=mixed
|
||||
KillSignal=SIGQUIT
|
||||
TimeoutStopSec=5s
|
||||
|
||||
# Security
|
||||
PrivateTmp=true
|
||||
ProtectSystem=full
|
||||
NoNewPrivileges=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
PrivateDevices=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue