mirror of
https://github.com/YunoHost-Apps/scrutiny_ynh.git
synced 2024-09-03 20:16:24 +02:00
40 lines
957 B
SYSTEMD
40 lines
957 B
SYSTEMD
|
[Unit]
|
||
|
Description=Scrutiny Collector
|
||
|
After=network-online.target scrutiny-web-server.service
|
||
|
|
||
|
[Service]
|
||
|
Type=oneshot
|
||
|
User=root
|
||
|
Group=root
|
||
|
WorkingDirectory=__INSTALL_DIR__
|
||
|
LogsDirectory=__APP__
|
||
|
StateDirectory=__APP__
|
||
|
ExecStart=__INSTALL_DIR__/bin/scrutiny-collector-metrics-linux-amd64 run --config __INSTALL_DIR__/config/collector.yaml
|
||
|
Restart=no
|
||
|
StandardOutput=append:/var/log/__APP__/__APP__-collector.log
|
||
|
StandardError=inherit
|
||
|
|
||
|
NoNewPrivileges=true
|
||
|
SystemCallArchitectures=native
|
||
|
PrivateTmp=yes
|
||
|
ProtectHome=yes
|
||
|
#ProtectSystem=strict
|
||
|
ProtectKernelTunables=yes
|
||
|
ProtectKernelModules=yes
|
||
|
ProtectKernelLogs=yes
|
||
|
ProtectControlGroups=yes
|
||
|
ProtectHostname=yes
|
||
|
RestrictAddressFamilies=AF_INET AF_INET6
|
||
|
RestrictNamespaces=yes
|
||
|
LockPersonality=yes
|
||
|
MemoryDenyWriteExecute=yes
|
||
|
RestrictRealtime=yes
|
||
|
RestrictSUIDSGID=yes
|
||
|
RemoveIPC=yes
|
||
|
|
||
|
# smartctl apparently doesn't function properly with this protection in place
|
||
|
#ProtectClock=yes
|
||
|
|
||
|
[Install]
|
||
|
WantedBy=multi-user.target
|