Initial commit
commit
8e9736435e
|
@ -0,0 +1,23 @@
|
|||
- name: Clone darkhttpd
|
||||
git:
|
||||
dest: '{{ darkhttpd.path }}'
|
||||
repo: 'https://git.redxen.eu/RepoMirrors/darkhttpd'
|
||||
tags:
|
||||
- darkhttpd
|
||||
- packages
|
||||
- name: Build darkhttpd
|
||||
make:
|
||||
chdir: '{{ darkhttpd.path }}'
|
||||
target: all
|
||||
tags:
|
||||
- darkhttpd
|
||||
- packages
|
||||
- name: Copy systemd service file
|
||||
template:
|
||||
follow: yes
|
||||
src: 'darkhttpd.service.j2'
|
||||
dest: '/etc/systemd/system/darkhttpd.service'
|
||||
notify: Run service actions
|
||||
tags:
|
||||
- darkhttpd
|
||||
- systemd
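Review bot: The `git` task clones the mirror with no `version:` set, so every run builds whatever the default branch points to at that moment, and the following `make` task compiles it on the host. Pinning to a reviewed commit, for example `version: '<reviewed-commit-sha>'` (placeholder, not a real hash), makes the build reproducible and stops a changed mirror from silently altering the binary that the unit later starts. Separately, `follow: yes` on the `template` task relies on YAML 1.1 truthy parsing and would read more predictably as `follow: true`.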
|
|
@ -0,0 +1,29 @@
|
|||
[Unit]
|
||||
Description=DarkHTTP Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/darkhttpd /data --port {{ darkhttpd.port }} --addr {{ ansible_ens10.ipv4.address }}
|
||||
Restart=always
|
||||
DynamicUser=true
|
||||
ProtectSystem=strict
|
||||
TemporaryFileSystem=/:ro
|
||||
BindReadOnlyPaths=/usr /lib /lib64 {{ darkhttpd.servepath }}:/data
|
||||
RootDirectory={{ darkhttpd.path }}
|
||||
ProtectSystem=strict
|
||||
PrivateUsers=true
|
||||
NoNewPrivileges=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
LockPersonality=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
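Review bot: `ProtectSystem=strict` is set twice in `[Service]`, and the sandbox leaves the capability set and the syscall surface unrestricted. The second `ProtectSystem=strict` can be dropped. I would add `CapabilityBoundingSet=`, `SystemCallFilter=@system-service` and `SystemCallArchitectures=native`, on the assumption that `darkhttpd.port` is an unprivileged port; the value is templated, so that cannot be confirmed from this file. `RestrictAddressFamilies` also admits `AF_UNIX` and `AF_NETLINK`, which a static file server bound to a single address probably does not need, so narrowing it to `AF_INET AF_INET6` is worth testing.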
|