Add init scripts for systemd user, systemd system, and freebsd

This commit is contained in:
9pfs 2024-07-16 16:57:42 -07:00
parent 581813734f
commit 53e57b9dc6
Signed by: 9pfs
SSH key fingerprint: SHA256:CaA1uwKR8/GktelnvV8GG/08aFTsmM4tfbLB69QgYWo
3 changed files with 89 additions and 0 deletions

13
init-scripts/freebsd-rc Normal file
View file

@ -0,0 +1,13 @@
#!/bin/sh
. /etc/rc.subr
name="python_talk"
start_cmd="${name}_start"
stop_cmd=":"
rcvar=python_talk_enable
load_rc_config $name
: ${python_talk_enable:=no}
python_talk_start() {
cd /usr/src/python-talk
(while true; do python3 server.py --link=37.27.51.34:65048 --no-log --no-cache --cwlgd 2>&1 >> /var/log/python-talk.log; done) &
}
run_rc_command "$1"

View file

@ -0,0 +1,38 @@
[Unit]
Description=firepup's python-talk
[Service]
DynamicUser=yes
WorkingDirectory=/opt/python-talk
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
Restart=always
RestartSec=5
NoNewPrivileges=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true
ProtectProc=ptraceable
ProcSubset=pid
PrivateTmp=true
CapabilityBoundingSet=
PrivateDevices=true
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
SystemCallArchitectures=native
# python.
MemoryDenyWriteExecute=false
RestrictNamespaces=true
ProtectHostname=true
LockPersonality=true
ProtectKernelTunables=true
RestrictAddressFamilies=AF_INET
RestrictRealtime=true
PrivateUsers=true
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0077
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,38 @@
[Unit]
Description=firepup's python-talk
[Service]
DynamicUser=yes
WorkingDirectory=/opt/python-talk
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
Restart=always
RestartSec=5
NoNewPrivileges=true
RestrictSUIDSGID=true
ProtectSystem=strict
ProtectHome=true
ProtectProc=ptraceable
ProcSubset=pid
PrivateTmp=true
CapabilityBoundingSet=
PrivateDevices=true
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
SystemCallArchitectures=native
# python.
MemoryDenyWriteExecute=false
RestrictNamespaces=true
ProtectHostname=true
LockPersonality=true
ProtectKernelTunables=true
RestrictAddressFamilies=AF_INET
RestrictRealtime=true
PrivateUsers=true
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0077
[Install]
WantedBy=multi-user.target