server-config/jarvis-bot.service
Harsh Shandilya be6bc18625
jarvis-bot: Sync some security settings with caddy upstream
Signed-off-by: Harsh Shandilya <harsh@prjkt.io>
2018-02-15 00:05:38 +05:30


; systemd unit that runs the Jarvis CI bot.
[Unit]
; Ordering only: start this unit after network.target has been reached.
After=network.target
Description=Jarvis-CI-Bot service
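; How the bot process is started, stopped and sandboxed.
[Service]
; Restart only when the process is killed by an unhandled signal, not after a
; normal exit or a non-zero exit code.
Restart=on-abort
Type=simple
; Run as the unprivileged 'bot' account rather than root.
User=bot
WorkingDirectory=/home/bot/jarvis-ci-bot
ExecStart=/home/bot/jarvis-ci-bot/build.py
; NOTE(review): the USR1 reload convention was carried over from the caddy unit.
; Unless build.py installs a SIGUSR1 handler, the default action terminates the
; process instead of reloading it - confirm before relying on 'systemctl reload'.
ExecReload=/bin/kill -USR1 $MAINPID
; On stop, send SIGQUIT to the main process only; anything still running in the
; unit's control group after the timeout is sent SIGKILL.
; NOTE(review): SIGQUIT is also a caddy convention; confirm build.py treats it
; as a graceful shutdown request.
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
; Use private /tmp and /var/tmp, which are discarded after the service stops.
PrivateTmp=true
; A minimal private /dev would add isolation, but it may not work on Raspberry
; Pi and similar devices, so it is left disabled here.
PrivateDevices=false
; The bot is installed under /home/bot. ProtectHome=true makes /home, /root and
; /run/user inaccessible, which would hide the unit's own WorkingDirectory and
; ExecStart path and keep the service from starting. Mount those trees
; read-only instead and re-open only the bot's directory for writing.
; Files elsewhere under /home (SSH keys included) stay readable as far as
; normal file permissions allow; moving the bot out of /home would allow
; ProtectHome=true again.
ProtectHome=read-only
; Requires systemd 231 or newer (older releases call this ReadWriteDirectories=).
ReadWritePaths=/home/bot/jarvis-ci-bot
; Make /usr, /boot and /etc read-only for this service.
ProtectSystem=full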
; Enablement: 'systemctl enable' hooks the bot into multi-user.target.
[Install]
WantedBy=multi-user.target