1 files changed, 55 insertions, 0 deletions

diff --git a/conduit-git/conduit.service b/conduit-git/conduit.service
new file mode 100644
index 0000000..d39a33b
--- /dev/null
+++ b/conduit-git/conduit.service
@@ -0,0 +1,55 @@
+
+[Unit]
+Description=Conduit Matrix Homeserver
+After=network.target nss-lookup.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/conduit-matrix
+ExecReload=/bin/kill -HUP ${MAINPID}
+TimeoutSec=10
+Restart=on-failure
+
+Environment="CONDUIT_CONFIG=/etc/conduit.toml"
+WorkingDirectory=/var/lib/conduit-matrix
+
+StartLimitInterval=1m
+StartLimitBurst=5
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=yes
+ProcSubset=pid
+ProtectProc=invisible
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+StateDirectory=conduit-matrix
+RuntimeDirectory=conduit-matrix
+
+User=conduit-matrix
+Group=conduit-matrix
+ReadWriteDirectories=-/var/lib/conduit-matrix
+ReadWriteDirectories=-/var/log/conduit-matrix
+
+[Install]
+WantedBy=multi-user.target