From 00dee186de706a5dc152862be74f050e26691a71 Mon Sep 17 00:00:00 2001 From: Leonardo Bishop Date: Sat, 23 Aug 2025 23:06:11 +0100 Subject: Initial commit --- confplanner.service | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 confplanner.service (limited to 'confplanner.service') diff --git a/confplanner.service b/confplanner.service new file mode 100644 index 0000000..46a7872 --- /dev/null +++ b/confplanner.service @@ -0,0 +1,32 @@ +[Unit] +Description=Web application to manage conference schedules + +[Service] +User=confplanner +Restart=always +ExecStart=/usr/bin/confplanner +StateDirectory=confplanner +WorkingDirectory=/etc/confplanner + +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE +NoNewPrivileges=true +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM + +ProtectSystem=strict +ProtectHome=true +PrivateTmp=true +PrivateDevices=true +ExecPaths=/usr/bin/confplanner + +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +ProtectClock=true +RestrictRealtime=true +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3-70-g09d2