FunPayCardinal@.service
# systemd template unit: an instance is named FunPayCardinal@<instance>.service,
# and the instance name is substituted wherever %i / %I appears in this file.
[Install]
# "systemctl enable" hooks the instance into multi-user.target, so it is started at boot.
WantedBy=multi-user.target
[Service]
# %i is the instance name (the text between "@" and ".service"). It is used below as the
# account name, as a component of the home directory path and as the runtime directory name.
# Type=simple: the process started by ExecStart= is the main service process.
Type=simple
WorkingDirectory=/home/%i/FunPayCardinal
ExecStart=/home/%i/pyvenv/bin/python /home/%i/FunPayCardinal/main.py
# Restart the bot 10 seconds after any exit, clean or not.
Restart=always
RestartSec=10s
SyslogIdentifier=FunPayCardinal-%i
# Run the bot as the unprivileged account named by the instance rather than as root.
User=%i
Environment="LANG=en_US.utf8"
# NOTE(review): the variable name is spelled "RUNNIG"; presumably the application reads exactly
# this name, so confirm against the application code before renaming it.
Environment="FPC_IS_RUNNIG_AS_SERVICE=1"
# The "+" prefix runs these two commands with full privileges: User= and the sandboxing options
# below are not applied to them. They create /run/FunPayCardinal (root-owned) and a per-instance
# subdirectory owned by the service account.
# NOTE(review): the instance name is substituted into a command that runs as root, so it should
# only ever be an existing, expected account name.
# NOTE(review): RuntimeDirectory=FunPayCardinal/%i would let systemd create the per-instance
# directory without a privileged command; it also removes the directory when the unit stops,
# so confirm that is acceptable before switching.
ExecStartPre=+/usr/bin/install -m 755 -o root -g root -d /run/FunPayCardinal
ExecStartPre=+/usr/bin/install -m 755 -o %i -g root -d /run/FunPayCardinal/%i
# NOTE(review): systemd.service(5) recommends PIDFile= for Type=forking services; with
# Type=simple it is probably not needed. Confirm before relying on it.
PIDFile=/run/FunPayCardinal/%i/FunPayCardinal.pid
# FunPayCardinal security hardening. All of the entries below are optional, but they improve the security of your system.
# * If some of the entries below are not supported by your system, you can safely remove them.
# * If something doesn't work, try removing the entries below one at a time, so you can identify which entry is causing the issue.
# * "systemd-analyze security FunPayCardinal@<instance>.service" reports what exposure remains.
# Device access is limited to standard pseudo devices such as /dev/null, /dev/zero and /dev/urandom.
DevicePolicy=closed
# The service and its children cannot gain privileges through execve() (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Private /dev containing only pseudo devices; no physical devices are visible.
PrivateDevices=yes
# Own mount namespace: mounts made by the service do not propagate to the host.
PrivateMounts=yes
# Private /tmp and /var/tmp that are not shared with other processes.
PrivateTmp=yes
# Own user namespace: only root and the service account are mapped; other users appear as "nobody".
PrivateUsers=yes
# The service cannot change the system hostname.
ProtectHostname=yes
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
# A leading "-" means the path is ignored if it does not exist.
# NOTE(review): ProtectSystem=full leaves /home and /run writable, so this list does not appear
# to restrict anything as written. It would take effect with ProtectSystem=strict, which makes
# the rest of the file system read-only. Test before changing, since the bot may write elsewhere.
# NOTE(review): a writable /home/%i/pyvenv lets the service modify the interpreter environment
# it is started from. Check whether the venv really needs to be writable at run time.
ReadWritePaths=/home/%i/FunPayCardinal /home/%i/pyvenv -/run/FunPayCardinal
# Prevent other services from accessing PID file
# (left disabled by the author; if enabled, files created by the service get no group/other permission bits)
# UMask=0077
# Further options worth testing one by one (not enabled here): ProtectKernelTunables=,
# ProtectKernelModules=, ProtectControlGroups=, RestrictSUIDSGID=, LockPersonality=.
# End of FunPayCardinal security hardening
[Unit]
# Ordering only: start after network.target has been reached.
# NOTE(review): network.target does not wait for connectivity. If the bot needs the network at
# start-up, Wants=/After=network-online.target is the usual choice. Confirm whether the
# Restart=always setting in [Service] already covers early failures.
After=network.target
# %I is the instance name with systemd escaping undone (%i is the escaped form).
Description=FunPayCardinal Bot Service (on %I)
Documentation=https://github.com/sidor0912/FunPayCardinal/blob/main/README.md