msfjarvis/server-config
1
Fork 0
mirror of https://github.com/msfjarvis/server-config synced 2025-08-14 18:47:00 +05:30
Code Issues Projects Releases Packages Wiki Activity Actions

systemd_units: Strip out comments

Browse source 
Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>
This commit is contained in:
Harsh Shandilya 2019-08-17 11:47:35 +05:30
parent 63a1386a6d
commit 9a2a1060c8
No known key found for this signature in database
GPG key ID: C2E74282C2133D62
6 changed files with 0 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

22
systemd_units/caddy.service
View file

@ -6,43 +6,21 @@ Wants=network-online.target systemd-networkd-wait-online.service
[Service] [Service]
Restart=on-abnormal Restart=on-abnormal
; User and group the process will run as.
User=caddy User=caddy
Group=caddy Group=caddy
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy Environment=CADDYPATH=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -envfile /etc/caddy/env ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -envfile /etc/caddy/env
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576 LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=512 LimitNPROC=512
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=true PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy ReadWriteDirectories=/etc/ssl/caddy
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true NoNewPrivileges=true

6
systemd_units/mirror-bot-2.service
View file

@ -10,17 +10,11 @@ WorkingDirectory=/home/bot/aria-telegram-mirror-bot-2
ExecStartPre=/usr/bin/env bash aria.sh ExecStartPre=/usr/bin/env bash aria.sh
ExecStart=/usr/bin/npm start ExecStart=/usr/bin/npm start
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=true PrivateDevices=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
[Install] [Install]

6
systemd_units/mirror-bot.service
View file

@ -10,17 +10,11 @@ WorkingDirectory=/home/bot/aria-telegram-mirror-bot
ExecStartPre=/usr/bin/env bash aria.sh ExecStartPre=/usr/bin/env bash aria.sh
ExecStart=/usr/bin/npm start ExecStart=/usr/bin/npm start
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=true PrivateDevices=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
[Install] [Install]

6
systemd_units/uno-bot.service
View file

@ -9,17 +9,11 @@ User=bot
WorkingDirectory=/home/bot/mau_mau_bot WorkingDirectory=/home/bot/mau_mau_bot
ExecStart=/home/bot/mau_mau_bot/venv/bin/python bot.py ExecStart=/home/bot/mau_mau_bot/venv/bin/python bot.py
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=false PrivateDevices=false
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
[Install] [Install]

6
systemd_units/walls-bot-2.service
View file

@ -9,17 +9,11 @@ User=bot
WorkingDirectory=/home/bot/walls-bot-2 WorkingDirectory=/home/bot/walls-bot-2
ExecStart=/home/bot/walls-bot/gradlew run ExecStart=/home/bot/walls-bot/gradlew run
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=false PrivateDevices=false
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
[Install] [Install]

6
systemd_units/walls-bot.service
View file

@ -9,17 +9,11 @@ User=bot
WorkingDirectory=/home/bot/walls-bot WorkingDirectory=/home/bot/walls-bot
ExecStart=/home/bot/walls-bot/gradlew run ExecStart=/home/bot/walls-bot/gradlew run
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
KillMode=mixed KillMode=mixed
KillSignal=SIGQUIT KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the process stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=false PrivateDevices=false
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
[Install] [Install]