File: opendht-tools.dhtnode-http.service

package info (click to toggle)
opendht 3.0.1-1.1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,284 kB
  • sloc: cpp: 23,342; python: 2,189; ansic: 2,041; makefile: 207; sh: 72
file content (43 lines) | stat: -rw-r--r-- 995 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
[Unit]
Description=OpenDHT standalone node with an HTTP control interface
Conflicts=dhtnode.service
After=network.target dhtnode.service
ConditionPathExists=/etc/default/dhtnode-http

[Service]
Type=simple
User=opendht
Group=opendht
EnvironmentFile=/etc/default/dhtnode-http
ExecStart=/usr/bin/dhtnode-http $DHT_HTTP_ARGS
Restart=on-failure
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/tmp

# Hardening
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc/self
ReadWriteDirectories=-/var/run
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target