Update some vars and add murmur service

2020-05-21 20:18:37 +02:00 · 2020-05-21 20:18:37 +02:00 · 105f71efcd
parent 95fbf873af
commit 105f71efcd
3 changed files with 22 additions and 2 deletions
--- a/templates/influxdb.service.j2
+++ b/templates/influxdb.service.j2
@ -8,6 +8,7 @@ RestartSec=10
 # TODO: Add mounts
 TemporaryFileSystem=/:ro
 BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64
+BindPaths={{ influxdb.storage }}

 SecureBits=noroot
 ProtectSystem=strict
--- a/templates/murmur.service.j2
+++ b/templates/murmur.service.j2
@ -0,0 +1,19 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/murmurd -fg -ini {{ global.murmur.configpath }}
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths={{ global.murmur.configpath }} /usr /lib /lib64
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes
--- a/templates/transmission-daemon.service.j2
+++ b/templates/transmission-daemon.service.j2
@ -12,10 +12,10 @@ ProtectSystem=strict
 PrivateUsers=true
 NoNewPrivileges=yes

-ReadWritePaths={{ transmission.root_dir }}
+ReadWritePaths={{ global.seedbox.transmission.root_dir }}
 BindReadOnlyPaths=/usr /lib /lib64
 TemporaryFileSystem=/:ro
-Environment=TRANSMISSION_HOME={{ transmission.root_dir }}/.config
+Environment=TRANSMISSION_HOME={{ global.seedbox.transmission.root_dir }}/.config

 ProtectControlGroups=yes
 ProtectKernelModules=yes