From af44cfba00b15d8b241cc57a1cd1ed206c997c6f Mon Sep 17 00:00:00 2001
From: Alex <caskd@420blaze.it>
Date: Mon, 25 May 2020 21:39:12 +0200
Subject: [PATCH] Change haproxy user to varnish one (temp) and fix some
 namespaces in transmission

---
 templates/haproxy.service.j2             | 5 ++---
 templates/transmission-daemon.service.j2 | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/templates/haproxy.service.j2 b/templates/haproxy.service.j2
index 0d57e7f..96d9467 100644
--- a/templates/haproxy.service.j2
+++ b/templates/haproxy.service.j2
@@ -2,8 +2,8 @@
 StartLimitIntervalSec=0
 
 [Service]
-User=nobody
-Group=nogroup
+User=varnish
+Group=varnish
 
 Restart=always
 RestartSec=10
@@ -17,7 +17,6 @@ PrivateTmp=yes
 PrivateDevices=yes
 RuntimeDirectory=haproxy
 
-SecureBits=noroot
 NoNewPrivileges=true
 RestrictSUIDSGID=yes
 MemoryDenyWriteExecute=yes
diff --git a/templates/transmission-daemon.service.j2 b/templates/transmission-daemon.service.j2
index 5b891f2..f98cc00 100644
--- a/templates/transmission-daemon.service.j2
+++ b/templates/transmission-daemon.service.j2
@@ -12,10 +12,10 @@ ProtectSystem=strict
 PrivateUsers=true
 NoNewPrivileges=yes
 
-ReadWritePaths={{ global.seedbox.transmission.root_dir }}
+ReadWritePaths={{ transmission.root_dir }}
 BindReadOnlyPaths=/usr /lib /lib64
 TemporaryFileSystem=/:ro
-Environment=TRANSMISSION_HOME={{ global.seedbox.transmission.root_dir }}/.config
+Environment=TRANSMISSION_HOME={{ transmission.root_dir }}/.config
 
 ProtectControlGroups=yes
 ProtectKernelModules=yes