summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArsen Arsenović <arsen@aarsen.me>2024-04-19 14:40:52 +0200
committerArsen Arsenović <arsen@aarsen.me>2024-04-19 22:32:24 +0200
commit97eaacf1ac039e827b61ef1245f33eee64a80c28 (patch)
tree3ec37c5d15ee4424e5f2e7d5be6a91bae8e8e5a4 /net-im/conduit/files
parentinitial (diff)
downloadarsen-97eaacf1ac039e827b61ef1245f33eee64a80c28.tar.gz
arsen-97eaacf1ac039e827b61ef1245f33eee64a80c28.tar.bz2
arsen-97eaacf1ac039e827b61ef1245f33eee64a80c28.zip
net-im/conduit: new package, add 0.6.0
Signed-off-by: Arsen Arsenović <arsen@aarsen.me>
Diffstat (limited to 'net-im/conduit/files')
-rw-r--r--net-im/conduit/files/matrix-conduit.service50
1 files changed, 50 insertions, 0 deletions
diff --git a/net-im/conduit/files/matrix-conduit.service b/net-im/conduit/files/matrix-conduit.service
new file mode 100644
index 0000000..7643095
--- /dev/null
+++ b/net-im/conduit/files/matrix-conduit.service
@@ -0,0 +1,50 @@
+# Based on debian/matrix-conduit.service from Conduit -*- conf -*-
+# Modified by Arsen
+[Unit]
+Description=Conduit Matrix homeserver
+After=network.target
+ConditionPathExists=/etc/matrix-conduit/conduit.toml
+
+[Service]
+DynamicUser=yes
+User=conduit
+Group=conduit
+Type=simple
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+StateDirectory=matrix-conduit
+
+Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
+
+ExecStart=/usr/sbin/conduit
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=1m
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target