blob: 3b0c6edccaf03f5a6c80d5e010a9c1be6e2cb0a9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
[Unit]
Description=${SERVICE_NAME}
After=syslog.target
After=network.target
[Service]
Type=simple
User=${SERVICE_USER}
Group=${SERVICE_GROUP}
WorkingDirectory=${SERVICE_HOME}
ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}'
Restart=always
Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME}
# Some distributions may not support these hardening directives. If you cannot
# start the service due to an unknown option, comment out the ones not supported
# by your version of systemd.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
|
