diff --git a/conf/smb.conf b/conf/smb.conf deleted file mode 100644 index 589a34b..0000000 --- a/conf/smb.conf +++ /dev/null @@ -1,46 +0,0 @@ -# ================================================= -# DO NOT EDIT THIS FILE -# EDIT SUBPARTS IN /etc/samba/smb.conf.d -# ================================================= - -[global] - - log file = /var/log/samba/log.%m - max log size = 1000 - logging = file - panic action = /usr/share/samba/panic-action %d - - server role = standalone server - - obey pam restrictions = yes - unix password sync = yes - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - pam password change = yes - map to guest = bad user - - usershare allow guests = yes - browseable = yes - - -[homes] - comment = Home Directories - browseable = no - read only = no - create mask = 0700 - directory mask = 0700 - valid users = %S - -[share] - comment = share - read only = no - path = /home/yunohost.app/samba/share - guest ok = no - browsable = yes - valid users = @samba.share - create mask = 0660 - directory mask = 770 - vfs objects = dfs_samba4 acl_xattr recycle - recycle:repository = .recycle - recycle:keeptree = yes - recycle:versions = yes diff --git a/conf/systemd.service b/conf/systemd.service deleted file mode 100644 index 31e9da3..0000000 --- a/conf/systemd.service +++ /dev/null @@ -1,45 +0,0 @@ -[Unit] -Description=Small description of the service -After=network.target - -[Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/script -StandardOutput=append:/var/log/__APP__/__APP__.log -StandardError=inherit - -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - -[Install] -WantedBy=multi-user.target