From 48f0d622df5d0bc7c4f5b8b04f34e93bfff7b732 Mon Sep 17 00:00:00 2001
From: metamuffin <metamuffin@disroot.org>
Date: Wed, 9 Apr 2025 15:38:27 +0200
Subject: add fastbangs-rs

---
 fastbangs-rs-git/fastbangs-rs.service | 37 +++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 fastbangs-rs-git/fastbangs-rs.service

(limited to 'fastbangs-rs-git/fastbangs-rs.service')

diff --git a/fastbangs-rs-git/fastbangs-rs.service b/fastbangs-rs-git/fastbangs-rs.service
new file mode 100644
index 0000000..aa953af
--- /dev/null
+++ b/fastbangs-rs-git/fastbangs-rs.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=Redundant shortcut-based meta search engine
+After=network.target
+Wants=network-online.target
+
+[Service]
+Environment=XDG_DATA_HOME=/var/lib RUST_LOG=info
+ExecStart=/usr/bin/fastbangs-rs /etc/fastbangs-rs.yaml
+Restart=on-failure
+RestartSec=10s
+Type=simple
+User=fastbangs
+
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=true
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3-70-g09d2