From 140aba4e239f008db63ea88d63ec8884dd667d40 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Mon, 24 Aug 2020 16:42:19 +0530 Subject: [PATCH] systemd: decomission everythang Signed-off-by: Harsh Shandilya --- systemd_units/caddy.service | 39 ------------------------------ systemd_units/pyrobud.service | 35 --------------------------- systemd_units/update.sh | 2 +- systemd_units/walls-bot-rs.service | 31 ------------------------ systemd_units/walls-bot.service | 31 ------------------------ 5 files changed, 1 insertion(+), 137 deletions(-) delete mode 100644 systemd_units/caddy.service delete mode 100644 systemd_units/pyrobud.service delete mode 100644 systemd_units/walls-bot-rs.service delete mode 100644 systemd_units/walls-bot.service diff --git a/systemd_units/caddy.service b/systemd_units/caddy.service deleted file mode 100644 index e739bc9..0000000 --- a/systemd_units/caddy.service +++ /dev/null @@ -1,39 +0,0 @@ -[Unit] -Description=Caddy HTTP/2 web server -Documentation=https://caddyserver.com/docs -After=network-online.target -Wants=network-online.target systemd-networkd-wait-online.service - -[Service] -Restart=on-abnormal -User=caddy -Group=caddy -Environment=CADDYPATH=/etc/ssl/caddy -EnvironmentFile=/etc/caddy/env -ExecStart=/usr/local/bin/caddy -log stdout -agree=true -email me@msfjarvis.dev -conf=/etc/caddy/Caddyfile -ExecReload=/bin/kill -USR1 $MAINPID -KillMode=mixed -KillSignal=SIGQUIT -TimeoutStopSec=5s -LimitNOFILE=1048576 -LimitNPROC=512 -ReadWriteDirectories=/etc/ssl/caddy /etc/logs -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_BIND_SERVICE - -# Security -PrivateTmp=true -ProtectSystem=full -ProtectHome=true -NoNewPrivileges=true -ProtectControlGroups=true -ProtectKernelModules=true -ProtectKernelTunables=true -PrivateDevices=true -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native - -[Install] -WantedBy=multi-user.target diff --git a/systemd_units/pyrobud.service b/systemd_units/pyrobud.service deleted file mode 100644 index b53d1d7..0000000 --- a/systemd_units/pyrobud.service +++ /dev/null @@ -1,35 +0,0 @@ -[Unit] -Description=Pyrobud Telegram selfbot -After=multi-user.target - -[Service] -# Base settings -Type=simple -Restart=always -RestartSec=10 - -# Execution parameters -User=pyrobud -Group=pyrobud -WorkingDirectory=/home/pyrobud/pyrobud -ExecStart=/home/pyrobud/pyrobud/venv/bin/python -O /home/pyrobud/pyrobud/main.py - -# Limit damage in case something goes awry -MemoryLimit=256M -CPUQuota=200% - -# Security -PrivateTmp=true -ProtectSystem=full -NoNewPrivileges=true -ProtectControlGroups=true -ProtectKernelModules=true -ProtectKernelTunables=true -PrivateDevices=true -RestrictAddressFamilies=AF_INET AF_INET6 -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native - -[Install] -WantedBy=multi-user.target diff --git a/systemd_units/update.sh b/systemd_units/update.sh index bbfd7df..4823ff6 100755 --- a/systemd_units/update.sh +++ b/systemd_units/update.sh @@ -8,7 +8,7 @@ function prettyPrint() { } # Grab all service names -declare -a services=('caddy' 'mirror-bot' 'mirror-bot-2' 'uno-bot' 'pyrobud' 'walls-bot' 'walls-bot-rs') +declare -a services=('mirror-bot' 'mirror-bot-2' 'uno-bot') # Now loop through each service and install it for service in "${services[@]}"; do diff --git a/systemd_units/walls-bot-rs.service b/systemd_units/walls-bot-rs.service deleted file mode 100644 index 579dd0d..0000000 --- a/systemd_units/walls-bot-rs.service +++ /dev/null @@ -1,31 +0,0 @@ -[Unit] -Description=walls-bot-rs service -After=network.target - -[Service] -Restart=on-abort -Type=simple -User=bot -WorkingDirectory=/home/bot/walls-bot-rs -ExecStartPre=/usr/bin/git pull origin develop -ExecStart=/home/bot/.cargo/bin/cargo run --release -ExecReload=/bin/kill -USR1 $MAINPID -KillMode=mixed -KillSignal=SIGQUIT -TimeoutStopSec=5s - -# Security -PrivateTmp=true -ProtectSystem=full -NoNewPrivileges=true -ProtectControlGroups=true -ProtectKernelModules=true -ProtectKernelTunables=true -PrivateDevices=true -RestrictAddressFamilies=AF_INET AF_INET6 -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native - -[Install] -WantedBy=multi-user.target diff --git a/systemd_units/walls-bot.service b/systemd_units/walls-bot.service deleted file mode 100644 index ab25b5b..0000000 --- a/systemd_units/walls-bot.service +++ /dev/null @@ -1,31 +0,0 @@ -[Unit] -Description=Desktop walls bot service -After=network.target - -[Service] -Restart=on-abort -Type=simple -User=bot -WorkingDirectory=/home/bot/walls-bot -ExecStartPre=/home/bot/walls-bot/gradlew --no-daemon build -ExecStart=/usr/bin/java -jar /home/bot/walls-bot/build/libs/wallsbot-0.1-all.jar -ExecReload=/bin/kill -USR1 $MAINPID -KillMode=mixed -KillSignal=SIGQUIT -TimeoutStopSec=5s - -# Security -PrivateTmp=true -ProtectSystem=full -NoNewPrivileges=true -ProtectControlGroups=true -ProtectKernelModules=true -ProtectKernelTunables=true -PrivateDevices=true -RestrictAddressFamilies=AF_INET AF_INET6 -RestrictNamespaces=true -RestrictRealtime=true -SystemCallArchitectures=native - -[Install] -WantedBy=multi-user.target