Clean up

2024-09-03 20:16:27 +02:00 · 2022-02-27 20:33:33 +01:00 · 2022-02-27 20:33:33 +01:00 · da7a1994dc
commit da7a1994dc
parent 0a189e3d22
2 changed files with 0 additions and 91 deletions
--- a/conf/smb.conf
+++ b/conf/smb.conf
@ -1,46 +0,0 @@
-# ================================================= 
-# DO NOT EDIT THIS FILE
-# EDIT SUBPARTS IN /etc/samba/smb.conf.d
-# =================================================
-
-[global]
-
-   log file = /var/log/samba/log.%m
-   max log size = 1000
-   logging = file
-   panic action = /usr/share/samba/panic-action %d
-
-   server role = standalone server
-
-   obey pam restrictions = yes
-   unix password sync = yes
-   passwd program = /usr/bin/passwd %u
-   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
-   pam password change = yes
-   map to guest = bad user
-
-   usershare allow guests = yes 
-   browseable = yes
-
-
-[homes]
-   comment = Home Directories
-   browseable = no
-   read only = no
-   create mask = 0700
-   directory mask = 0700
-   valid users = %S
-
-[share]
-   comment = share
-   read only = no
-   path = /home/yunohost.app/samba/share
-   guest ok = no
-   browsable = yes
-   valid users = @samba.share
-   create mask = 0660
-   directory mask = 770
-   vfs objects = dfs_samba4 acl_xattr recycle
-   recycle:repository = .recycle
-   recycle:keeptree = yes
-   recycle:versions = yes
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -1,45 +0,0 @@
-[Unit]
-Description=Small description of the service
-After=network.target
-
-[Service]
-Type=simple
-User=__APP__
-Group=__APP__
-WorkingDirectory=__FINALPATH__/
-ExecStart=__FINALPATH__/script
-StandardOutput=append:/var/log/__APP__/__APP__.log
-StandardError=inherit
-
-# Sandboxing options to harden security
-# Depending on specificities of your service/app, you may need to tweak these 
-# .. but this should be a good baseline
-# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-NoNewPrivileges=yes
-PrivateTmp=yes
-PrivateDevices=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=yes
-RestrictRealtime=yes
-DevicePolicy=closed
-ProtectSystem=full
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-LockPersonality=yes
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
-
-# Denying access to capabilities that should not be relevant for webapps
-# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
-CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
-CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
-CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
-CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
-CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
-CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
-CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
-CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
-
-[Install]
-WantedBy=multi-user.target