From 8d92484c2edc1ad78c2ba02e6f78353a58295809 Mon Sep 17 00:00:00 2001
From: metamuffin <metamuffin@disroot.org>
Date: Mon, 19 May 2025 19:38:08 +0200
Subject: add isda

---
 isdad-git/isdad.service | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 isdad-git/isdad.service

(limited to 'isdad-git/isdad.service')

diff --git a/isdad-git/isdad.service b/isdad-git/isdad.service
new file mode 100644
index 0000000..0722231
--- /dev/null
+++ b/isdad-git/isdad.service
@@ -0,0 +1,33 @@
+[Unit]
+Description=industrial-scale downloading agent daemon process
+After=network.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/bin/isdad /etc/isda.yaml
+WorkingDirectory=/var/lib/isda
+User=isda
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=true
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+RestrictRealtime=yes
+Restart=always
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+Type=simple
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3-70-g09d2