| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- [Unit]
- Description=Yet Another Monitoring Tool for the Babel routing daemon
- Documentation=https://github.com/Vivena/babelweb2
- [Service]
- LimitNOFILE=1048576
- LimitNPROC=512
- DynamicUser=true
- CapabilityBoundingSet=
- RestrictAddressFamilies=AF_INET AF_INET6
- RestrictNamespaces=yes
- RestrictNetworkInterfaces=lo
- PrivateDevices=yes
- PrivateNetwork=no
- PrivateUsers=yes
- ProtectClock=yes
- ProtectControlGroups=yes
- ProtectHome=yes
- ProtectKernelLogs=yes
- ProtectKernelModules=yes
- ProtectKernelTunables=yes
- ProtectProc=invisible
- ProtectHostname=yes
- SystemCallArchitectures=native
- SystemCallFilter=~@clock
- SystemCallFilter=~@debug
- SystemCallFilter=~@module
- SystemCallFilter=~@mount
- SystemCallFilter=~@raw-io
- SystemCallFilter=~@reboot
- SystemCallFilter=~@swap
- SystemCallFilter=~@privileged
- SystemCallFilter=~@resources
- SystemCallFilter=~@cpu-emulation
- SystemCallFilter=~@obsolete
- RestrictRealtime=yes
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- ProcSubset=pid
- EnvironmentFile=/etc/default/babelweb2
- ExecStart=/usr/local/bin/babelweb2 -http $PORT -static $STATIC_DIR
- ExecReload=/bin/kill -SIGUSR1 $MAINPID
- Restart=on-failure
- [Install]
- WantedBy=multi-user.target
|
