RedXen
/
ansible-systemd
Archived
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Change haproxy user to varnish one (temp) and fix some namespaces in transmission

This commit is contained in:
Alex 2020-05-25 21:39:12 +02:00
parent 92e702c2ee
commit af44cfba00
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
2 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
templates/haproxy.service.j2
View File

@ -2,8 +2,8 @@
StartLimitIntervalSec=0 StartLimitIntervalSec=0
[Service] [Service]
User=nobody User=varnish
Group=nogroup Group=varnish
Restart=always Restart=always
RestartSec=10 RestartSec=10
@ -17,7 +17,6 @@ PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
RuntimeDirectory=haproxy RuntimeDirectory=haproxy
SecureBits=noroot
NoNewPrivileges=true NoNewPrivileges=true
RestrictSUIDSGID=yes RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes

4
templates/transmission-daemon.service.j2
View File

@ -12,10 +12,10 @@ ProtectSystem=strict
PrivateUsers=true PrivateUsers=true
NoNewPrivileges=yes NoNewPrivileges=yes
ReadWritePaths={{ global.seedbox.transmission.root_dir }} ReadWritePaths={{ transmission.root_dir }}
BindReadOnlyPaths=/usr /lib /lib64 BindReadOnlyPaths=/usr /lib /lib64
TemporaryFileSystem=/:ro TemporaryFileSystem=/:ro
Environment=TRANSMISSION_HOME={{ global.seedbox.transmission.root_dir }}/.config Environment=TRANSMISSION_HOME={{ transmission.root_dir }}/.config
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectKernelModules=yes ProtectKernelModules=yes