mirror of
https://github.com/YunoHost-Apps/mautrix_discord_ynh.git
synced 2024-09-03 19:36:35 +02:00
Fix install and upgrade
This commit is contained in:
parent
0df96055cc
commit
cf16f0a9f3
3 changed files with 15 additions and 2 deletions
|
@ -17,13 +17,16 @@ RestartSec=3
|
||||||
# Depending on specificities of your service/app, you may need to tweak these
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
# .. but this should be a good baseline
|
# .. but this should be a good baseline
|
||||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
ReadWritePaths=__INSTALL_DIR__ /var/log/__APP__
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
MemoryDenyWriteExecute=true
|
MemoryDenyWriteExecute=true
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
|
PrivateUsers=true
|
||||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||||
RestrictNamespaces=yes
|
RestrictNamespaces=yes
|
||||||
RestrictRealtime=yes
|
RestrictRealtime=yes
|
||||||
|
RestrictSUIDSGID=true
|
||||||
DevicePolicy=closed
|
DevicePolicy=closed
|
||||||
ProtectClock=yes
|
ProtectClock=yes
|
||||||
ProtectHostname=yes
|
ProtectHostname=yes
|
||||||
|
@ -32,8 +35,10 @@ ProtectSystem=full
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
ProtectKernelTunables=yes
|
ProtectKernelTunables=yes
|
||||||
|
ProtectKernelLogs=true
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
|
SystemCallErrorNumber=EPERM
|
||||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
||||||
|
|
||||||
# Denying access to capabilities that should not be relevant for webapps
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
|
|
@ -66,7 +66,11 @@ ynh_add_systemd_config
|
||||||
|
|
||||||
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
|
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
ynh_use_logrotate
|
# Use logrotate to manage application logfile(s)
|
||||||
|
ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app
|
||||||
|
chmod -R 600 "/var/log/$app"
|
||||||
|
chmod 700 "/var/log/$app"
|
||||||
|
chown -R $app:$app /var/log/$app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# APP INITIAL CONFIGURATION
|
# APP INITIAL CONFIGURATION
|
||||||
|
|
|
@ -56,7 +56,11 @@ ynh_add_systemd_config
|
||||||
|
|
||||||
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
|
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
ynh_use_logrotate --non-append
|
# Use logrotate to manage application logfile(s)
|
||||||
|
ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app
|
||||||
|
chmod -R 600 "/var/log/$app"
|
||||||
|
chmod 700 "/var/log/$app"
|
||||||
|
chown -R $app:$app /var/log/$app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
|
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
|
||||||
|
|
Loading…
Add table
Reference in a new issue