Compare commits
2 commits
581813734f
...
60098ddfd4
| Author | SHA1 | Date | |
|---|---|---|---|
60098ddfd4
|
|||
|
53e57b9dc6
|
3 changed files with 89 additions and 0 deletions
13
init-scripts/freebsd-rc
Normal file
13
init-scripts/freebsd-rc
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/sh
|
||||||
|
. /etc/rc.subr
|
||||||
|
name="python_talk"
|
||||||
|
start_cmd="${name}_start"
|
||||||
|
stop_cmd=":"
|
||||||
|
rcvar=python_talk_enable
|
||||||
|
load_rc_config $name
|
||||||
|
: ${python_talk_enable:=no}
|
||||||
|
python_talk_start() {
|
||||||
|
cd /usr/src/python-talk
|
||||||
|
(while true; do python3 server.py --link=37.27.51.34:65048 --no-log --no-cache --cwlgd 2>&1 >> /var/log/python-talk.log; done) &
|
||||||
|
}
|
||||||
|
run_rc_command "$1"
|
||||||
38
init-scripts/systemd-system.service
Normal file
38
init-scripts/systemd-system.service
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
[Unit]
|
||||||
|
Description=firepup's python-talk
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
DynamicUser=yes
|
||||||
|
WorkingDirectory=/opt/python-talk
|
||||||
|
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
NoNewPrivileges=true
|
||||||
|
RestrictSUIDSGID=true
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectProc=ptraceable
|
||||||
|
ProcSubset=pid
|
||||||
|
PrivateTmp=true
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
PrivateDevices=true
|
||||||
|
ProtectClock=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
# python.
|
||||||
|
MemoryDenyWriteExecute=false
|
||||||
|
RestrictNamespaces=true
|
||||||
|
ProtectHostname=true
|
||||||
|
LockPersonality=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
RestrictAddressFamilies=AF_INET
|
||||||
|
RestrictRealtime=true
|
||||||
|
PrivateUsers=true
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
SystemCallFilter=~@privileged @resources
|
||||||
|
UMask=0077
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
38
init-scripts/systemd-user.service
Normal file
38
init-scripts/systemd-user.service
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
[Unit]
|
||||||
|
Description=firepup's python-talk
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
WorkingDirectory=%h/python-talk
|
||||||
|
ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
NoNewPrivileges=true
|
||||||
|
RestrictSUIDSGID=true
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=tmpfs
|
||||||
|
BindReadOnlyPaths=%h/python-talk
|
||||||
|
ProtectProc=ptraceable
|
||||||
|
ProcSubset=pid
|
||||||
|
PrivateTmp=true
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
PrivateDevices=true
|
||||||
|
ProtectClock=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
# python.
|
||||||
|
MemoryDenyWriteExecute=false
|
||||||
|
RestrictNamespaces=true
|
||||||
|
ProtectHostname=true
|
||||||
|
LockPersonality=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
RestrictAddressFamilies=AF_INET
|
||||||
|
RestrictRealtime=true
|
||||||
|
PrivateUsers=true
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
SystemCallFilter=~@privileged @resources
|
||||||
|
UMask=0077
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
||||||
Loading…
Reference in a new issue