summaryrefslogtreecommitdiffstats
path: root/confplanner.service
diff options
context:
space:
mode:
authorLeonardo Bishop <me@leonardobishop.net>2025-08-23 23:06:11 +0100
committerLeonardo Bishop <me@leonardobishop.net>2025-08-23 23:06:11 +0100
commit00dee186de706a5dc152862be74f050e26691a71 (patch)
tree7fae0f3de9f5e2ffe54009f3d2e67910ab85831b /confplanner.service
Initial commitHEADmaster
Diffstat (limited to 'confplanner.service')
-rw-r--r--confplanner.service32
1 files changed, 32 insertions, 0 deletions
diff --git a/confplanner.service b/confplanner.service
new file mode 100644
index 0000000..46a7872
--- /dev/null
+++ b/confplanner.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Web application to manage conference schedules
+
+[Service]
+User=confplanner
+Restart=always
+ExecStart=/usr/bin/confplanner
+StateDirectory=confplanner
+WorkingDirectory=/etc/confplanner
+
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ExecPaths=/usr/bin/confplanner
+
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectClock=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+
+[Install]
+WantedBy=multi-user.target
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-25 01:58:29 +0000