Add init scripts for systemd user, systemd system, and freebsd
This commit is contained in:
parent
581813734f
commit
53e57b9dc6
3 changed files with 89 additions and 0 deletions
13
init-scripts/freebsd-rc
Normal file
13
init-scripts/freebsd-rc
Normal file
|
@ -0,0 +1,13 @@
|
|||
#!/bin/sh
|
||||
. /etc/rc.subr
|
||||
name="python_talk"
|
||||
start_cmd="${name}_start"
|
||||
stop_cmd=":"
|
||||
rcvar=python_talk_enable
|
||||
load_rc_config $name
|
||||
: ${python_talk_enable:=no}
|
||||
python_talk_start() {
|
||||
cd /usr/src/python-talk
|
||||
(while true; do python3 server.py --link=37.27.51.34:65048 --no-log --no-cache --cwlgd 2>&1 >> /var/log/python-talk.log; done) &
|
||||
}
|
||||
run_rc_command "$1"
|
38
init-scripts/systemd-system.service
Normal file
38
init-scripts/systemd-system.service
Normal file
|
@ -0,0 +1,38 @@
|
|||
[Unit]
|
||||
Description=firepup's python-talk
|
||||
|
||||
[Service]
|
||||
DynamicUser=yes
|
||||
WorkingDirectory=/opt/python-talk
|
||||
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
NoNewPrivileges=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ProtectProc=ptraceable
|
||||
ProcSubset=pid
|
||||
PrivateTmp=true
|
||||
CapabilityBoundingSet=
|
||||
PrivateDevices=true
|
||||
ProtectClock=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
SystemCallArchitectures=native
|
||||
# python.
|
||||
MemoryDenyWriteExecute=false
|
||||
RestrictNamespaces=true
|
||||
ProtectHostname=true
|
||||
LockPersonality=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictAddressFamilies=AF_INET
|
||||
RestrictRealtime=true
|
||||
PrivateUsers=true
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@privileged @resources
|
||||
UMask=0077
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
38
init-scripts/systemd-user.service
Normal file
38
init-scripts/systemd-user.service
Normal file
|
@ -0,0 +1,38 @@
|
|||
[Unit]
|
||||
Description=firepup's python-talk
|
||||
|
||||
[Service]
|
||||
DynamicUser=yes
|
||||
WorkingDirectory=/opt/python-talk
|
||||
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
NoNewPrivileges=true
|
||||
RestrictSUIDSGID=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ProtectProc=ptraceable
|
||||
ProcSubset=pid
|
||||
PrivateTmp=true
|
||||
CapabilityBoundingSet=
|
||||
PrivateDevices=true
|
||||
ProtectClock=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
SystemCallArchitectures=native
|
||||
# python.
|
||||
MemoryDenyWriteExecute=false
|
||||
RestrictNamespaces=true
|
||||
ProtectHostname=true
|
||||
LockPersonality=true
|
||||
ProtectKernelTunables=true
|
||||
RestrictAddressFamilies=AF_INET
|
||||
RestrictRealtime=true
|
||||
PrivateUsers=true
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@privileged @resources
|
||||
UMask=0077
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in a new issue