mirror of
https://github.com/YunoHost-Apps/scrutiny_ynh.git
synced 2024-09-03 20:16:24 +02:00
39 lines
957 B
Desktop File
39 lines
957 B
Desktop File
[Unit]
|
|
Description=Scrutiny Collector
|
|
After=network-online.target scrutiny-web-server.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
User=root
|
|
Group=root
|
|
WorkingDirectory=__INSTALL_DIR__
|
|
LogsDirectory=__APP__
|
|
StateDirectory=__APP__
|
|
ExecStart=__INSTALL_DIR__/bin/scrutiny-collector-metrics-linux-amd64 run --config __INSTALL_DIR__/config/collector.yaml
|
|
Restart=no
|
|
StandardOutput=append:/var/log/__APP__/__APP__-collector.log
|
|
StandardError=inherit
|
|
|
|
NoNewPrivileges=true
|
|
SystemCallArchitectures=native
|
|
PrivateTmp=yes
|
|
ProtectHome=yes
|
|
#ProtectSystem=strict
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelLogs=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHostname=yes
|
|
RestrictAddressFamilies=AF_INET AF_INET6
|
|
RestrictNamespaces=yes
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
RestrictRealtime=yes
|
|
RestrictSUIDSGID=yes
|
|
RemoveIPC=yes
|
|
|
|
# smartctl apparently doesn't function properly with this protection in place
|
|
#ProtectClock=yes
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|