diff options
Diffstat (limited to 'fastbangs-rs-git/fastbangs-rs.service')
| -rw-r--r-- | fastbangs-rs-git/fastbangs-rs.service | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/fastbangs-rs-git/fastbangs-rs.service b/fastbangs-rs-git/fastbangs-rs.service new file mode 100644 index 0000000..aa953af --- /dev/null +++ b/fastbangs-rs-git/fastbangs-rs.service @@ -0,0 +1,37 @@ +[Unit] +Description=Redundant shortcut-based meta search engine +After=network.target +Wants=network-online.target + +[Service] +Environment=XDG_DATA_HOME=/var/lib RUST_LOG=info +ExecStart=/usr/bin/fastbangs-rs /etc/fastbangs-rs.yaml +Restart=on-failure +RestartSec=10s +Type=simple +User=fastbangs + +AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=true +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=true +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=full +RestrictAddressFamilies=~AF_PACKET AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=@system-service + +[Install] +WantedBy=multi-user.target |