Skip to content

Commit

Permalink
chore(systemd): add systemd service files (#22)
Browse files Browse the repository at this point in the history
Add systemd files to serve files from /var/lib/rustypaste, automatic
user creation via systemd-sysusers and AUTH_TOKEN configuration via
rustypaste.env in /etc/rustypaste/rustypaste.env.

implements #16
  • Loading branch information
freswa authored Mar 25, 2022
1 parent 8ed0b7b commit 8679ff9
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 0 deletions.
2 changes: 2 additions & 0 deletions extra/systemd/rustypaste.env
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# To enable basic HTTP auth, set the AUTH_TOKEN
AUTH_TOKEN=""
31 changes: 31 additions & 0 deletions extra/systemd/rustypaste.service
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
[Unit]
Description=Rustypaste server
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
User=rustypaste
Group=rustypaste
ExecStart=/usr/bin/rustypaste
ReadWritePaths=/var/lib/rustypaste
ReadOnlyPaths=/etc/rustypaste

WorkingDirectory=/var/lib/rustypaste
Environment="CONFIG=/etc/rustypaste/config.toml"
EnvironmentFile=/etc/rustypaste/rustypaste.env

# Hardening options
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=strict
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateTmp=true
PrivateDevices=true
LockPersonality=true

[Install]
WantedBy=multi-user.target
1 change: 1 addition & 0 deletions extra/systemd/rustypaste.sysusers
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
u rustypaste - "Minimal file upload/pastebin service" /var/lib/rustypaste
1 change: 1 addition & 0 deletions extra/systemd/rustypaste.tmpfiles
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
d /var/lib/rustypaste 0750 rustypaste rustypaste

0 comments on commit 8679ff9

Please sign in to comment.