contrib/systemd: add template files

This commit is contained in:
Simon Ser 2021-07-24 15:40:24 +02:00
parent abe91778bd
commit df92b86604
3 changed files with 31 additions and 0 deletions

View File

@ -0,0 +1,29 @@
[Unit]
Description=tlstunnel reverse proxy
Documentation=https://sr.ht/~emersion/tlstunnel
After=network.target
[Service]
User=tlstunnel
ExecStart=/usr/bin/tlstunnel
ExecReload=kill -HUP $MAINPID
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/tlstunnel
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1 @@
u tlstunnel - "tlstunnel user" /var/lib/tlstunnel

View File

@ -0,0 +1 @@
d /var/lib/tlstunnel 0750 tlstunnel tlstunnel -