mirror of
https://github.com/YunoHost-Apps/ttrss_ynh.git
synced 2024-10-01 13:34:46 +02:00
b6b5fd48c9
* Auto-update README
* Upgrade to upstream
* Auto-update README
* Bullseye (#141)
* Fix
* Fix
* Auto-update README
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
* Upgrade
* Auto-update README
* Auto-update README
* Upgrade to upstream
* Auto-update README
* PHP
* Auto-update README
* Update manifest.json
* Auto-update README
* Update config
* Fix
* Auto-update README
* update
* Auto-update README
* Version 2 (#148)
* v2
* v2
* Auto-update README
* Fix
* Auto-update README
* fix
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
* Update tests.toml
* Delete check_process
* Update restore
* Update remove
* Update install
* Update upgrade
* Fix
* Update upgrade
* Update manifest.toml
* Update manifest.toml
* data_migration
* fix
* Fix
* Update manifest.toml
* Auto-update README
* Update manifest.toml
* Update manifest.toml
* Auto-update README
* Update tests.toml
* auto updater
* Update manifest.toml
* Auto-update README
* remove data migration
* update git repo
* Auto-update README
* Update manifest.toml
* Update manifest.toml
* Auto-update README
* update to upstream
* Auto-update README
* fix
* Auto-update README
* Update manifest.toml
* Update manifest.toml
* Auto-update README
* Update manifest.toml
* Auto-update README
* PostgreSQL (#150)
* switch to PHP
* Update install
* Update _common.sh
* Update _common.sh
* Update app.src
* Update manifest.json
* Auto-update README
* Fix
* Update remove
* Update _common.sh
* Update app.src
* Fix
* Remove cron
* Update install
* Update change_url
* Update systemd.service
* Update install
* Update DESCRIPTION.md
* Auto-update README
* Fix
* Update manifest.json
* Update restore
* Update app.src
* Create migration
* v2
* v2
* Auto-update README
* Fix
* Auto-update README
* fix
* fix
* fix
* Update restore
* data_migration
* Revert "data_migration"
This reverts commit 1aea23fb52.
* fix
* fix
* Update manifest.toml
* Update manifest.toml
* Update manifest.toml
* Auto-update README
* fix
* Update manifest.toml
* Update manifest.toml
* Auto-update README
* Create PRE_UPGRADE_fr.md
* fix
* Auto-update README
* Auto-update README
* Update manifest.toml
* Auto-update README
---------
Co-authored-by: Yunohost-Bot <>
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
* Update manifest.toml
* cleaning
* Email (#162)
* add email
* Update config.php
* Update systemd.service
* Update manifest.toml
* Auto-update README
* Update config.php
* Update config.php
* Update manifest.toml
* Auto-update README
* Update manifest.toml
* Update manifest.toml
* Update systemd.service
* cleaning (#165)
* cleaning
* Update manifest.toml
* Update manifest.toml
* Update manifest.toml
* Auto-update README
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
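# systemd unit template for the Tiny Tiny RSS feed-update daemon (update_daemon2.php).
# __APP__, __INSTALL_DIR__ and __PHPVERSION__ are placeholders; presumably the
# packaging scripts substitute them before the unit is installed (confirm there).
# After any change, check the result with `systemd-analyze verify <unit>` and
# review the sandbox score with `systemd-analyze security <unit>`.

# Without this header the four keys below sit outside any section and systemd
# ignores them, which silently drops the PostgreSQL dependency and ordering.
[Unit]
Description=TTRSS: Backend update
Documentation=https://git.tt-rss.org/fox/tt-rss/wiki/UpdatingFeeds
# Requires= ties this unit to the listed units; After= only orders start-up.
Requires=network.target postgresql.service
After=network.target postgresql.service

[Service]
Type=simple
# The daemon runs under the app's own account and group, not as root.
User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/
ExecStart=/usr/bin/php__PHPVERSION__ __INSTALL_DIR__/update_daemon2.php
# Restart on every exit, clean or not, after a 10 second pause.
Restart=always
RestartSec=10

# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
# "full" makes /usr, /boot, /efi and /etc read-only; everything else, including
# the install directory, stays writable. NOTE(review): ProtectSystem=strict with
# an explicit ReadWritePaths= list would be tighter, but needs testing against
# the paths the daemon writes to.
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
# The leading "~" turns this into a deny list: the listed syscall groups are blocked.
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged

# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
# Each line starts with "~", so the named capabilities are removed from the
# bounding set; the lines accumulate.
# The capability is spelled CAP_SYS_RAWIO in capabilities(7). The earlier
# spelling CAP_RAWIO is not a defined capability, so systemd skips that entry
# with a parse warning instead of dropping it from the bounding set.
CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG

[Install]
# Started as part of normal multi-user boot once the unit is enabled.
WantedBy=multi-user.target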