Krautspace/plenums_invite
6
1
Fork 0
Code Issues Pull requests Releases Activity
plenums_invite/plenums_invite.service

39 lines
926 B
Desktop File
Raw Permalink Blame History

[Unit]
Description=Send invitation to Hackspace's Announce Discourse
[Service]
Type=oneshot
ExecStart=/opt/plenums_invite/invite.py -c ${CREDENTIALS_DIRECTORY}/plenums_invite_conf
WorkingDirectory=/opt/plenums_invite
LoadCredential=plenums_invite_conf:/opt/plenums_invite/invite.conf
UMask=077
DynamicUser=yes
PrivateDevices=yes
PrivateUsers=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ProtectClock=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
ProtectKernelLogs=yes
ProtectProc=invisible
ProcSubset=pid
ProtectHostname=yes
ReadOnlyDirectories=/
NoNewPrivileges=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictNamespaces=true
SystemCallArchitectures=native
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @swap @privileged @resources @cpu-emulation @obsolete
RestrictAddressFamilies=AF_INET AF_INET6
Reference in a new issue View git blame Copy permalink