python-talk/init-scripts/systemd-system.service

[Unit]
Description=firepup's python-talk

[Service]
DynamicUser=yes
WorkingDirectory=/opt/python-talk
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
Restart=always
RestartSec=5
NoNewPrivileges=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true
ProtectProc=ptraceable
ProcSubset=pid
PrivateTmp=true
CapabilityBoundingSet=
PrivateDevices=true
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
SystemCallArchitectures=native
# python.
MemoryDenyWriteExecute=false
RestrictNamespaces=true
ProtectHostname=true
LockPersonality=true
ProtectKernelTunables=true
RestrictAddressFamilies=AF_INET
RestrictRealtime=true
PrivateUsers=true
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0077

[Install]
WantedBy=multi-user.target
Add init scripts for systemd user, systemd system, and freebsd 2024-07-16 23:57:42 +00:00			`[Unit]`
			`Description=firepup's python-talk`

			`[Service]`
			`DynamicUser=yes`
			`WorkingDirectory=/opt/python-talk`
			`ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd`
			`Restart=always`
			`RestartSec=5`
			`NoNewPrivileges=true`
			`RestrictSUIDSGID=true`
			`ProtectSystem=strict`
			`ProtectHome=true`
			`ProtectProc=ptraceable`
			`ProcSubset=pid`
			`PrivateTmp=true`
			`CapabilityBoundingSet=`
			`PrivateDevices=true`
			`ProtectClock=true`
			`ProtectKernelLogs=true`
			`ProtectControlGroups=true`
			`ProtectKernelModules=true`
			`SystemCallArchitectures=native`
			`# python.`
			`MemoryDenyWriteExecute=false`
			`RestrictNamespaces=true`
			`ProtectHostname=true`
			`LockPersonality=true`
			`ProtectKernelTunables=true`
			`RestrictAddressFamilies=AF_INET`
			`RestrictRealtime=true`
			`PrivateUsers=true`
			`SystemCallFilter=@system-service`
			`SystemCallFilter=~@privileged @resources`
			`UMask=0077`

			`[Install]`
			`WantedBy=multi-user.target`