msfjarvis/server-config
1
Fork 0
mirror of https://github.com/msfjarvis/server-config synced 2025-08-14 14:07:02 +05:30
Code Issues Projects Releases Packages Wiki Activity Actions

Decomission some underutilized services

Browse source 
Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>
This commit is contained in:
Harsh Shandilya 2020-01-24 14:32:02 +05:30
parent 1039eb52f7
commit e476e77ca8
No known key found for this signature in database
GPG key ID: C2E74282C2133D62
4 changed files with 1 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

31
systemd_units/daas.service
View file

@ -1,31 +0,0 @@
[Unit]
Description=daas: demangle-as-a-service
After=syslog.target
After=network.target
[Service]
LimitMEMLOCK=infinity
LimitNOFILE=65535
RestartSec=2s
Type=simple
User=caddy
Group=caddy
ExecStart=/usr/local/bin/daas
Restart=always
# Security
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target

36
systemd_units/gitea.service
View file

@ -1,36 +0,0 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
Requires=postgresql.service
[Service]
LimitMEMLOCK=infinity
LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
ReadWriteDirectories=/var/lib/gitea
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Security
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target

2
systemd_units/update.sh
View file

@ -8,7 +8,7 @@ function prettyPrint {
}
# Grab all service names
declare -a services=('caddy' 'daas' 'gitea' 'goaccess' 'mirror-bot' 'mirror-bot-2' 'mkr-bin' 'pyrobud' 'uno-bot' 'walls-bot')
declare -a services=('caddy' 'goaccess' 'mirror-bot' 'mirror-bot-2' 'mkr-bin' 'pyrobud' 'uno-bot' 'walls-bot')
# Now loop through each service and install it
for service in "${services[@]}"; do