[Unit]
# Human-readable name shown by `systemctl status` and in the journal.
Description=Cubby in-memory key-value cache (system-wide)
Documentation=https://git.juancwu.dev/juancwu/cubby
# Ordering only: start after basic networking is up. The service itself is
# limited to AF_UNIX sockets by RestrictAddressFamilies= in [Service].
After=network.target

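[Service]
Type=simple

# Run as a dedicated unprivileged user. Create with:
#   sudo useradd --system --no-create-home --shell /usr/sbin/nologin cubby
User=cubby
Group=cubby

# Path to the cubby binary. Build with:
#   go build -o /usr/local/bin/cubby ./cmd/cubby
# NOTE(review): -group presumably sets the group owner of the socket; confirm
# this, and the mode the socket file is created with, against the cubby docs.
ExecStart=/usr/local/bin/cubby -socket /run/cubby/cubby.sock -group cubby

# /run/cubby/ is created automatically, owned by User/Group above, and removed
# again when the service stops.
# With mode 0755 every local user can traverse the directory, so access to the
# cache is decided by the permissions on the socket file alone. If every client
# runs as a member of the cubby group, 0750 adds a second barrier.
RuntimeDirectory=cubby
RuntimeDirectoryMode=0755

Restart=on-failure
RestartSec=2s

# Hardening
# No privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
# Whole file system read-only for this service, apart from /dev, /proc, /sys
# and the RuntimeDirectory above.
ProtectSystem=strict
# /home, /root and /run/user are inaccessible.
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# Only UNIX domain sockets may be created; no IP, netlink or packet sockets.
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
LockPersonality=true
# Blocks memory mappings that are both writable and executable.
MemoryDenyWriteExecute=true

# Additional sandboxing. These should not affect a daemon that only serves a
# UNIX socket as a non-root user, but verify after applying: restart the
# service and review `systemd-analyze security <unit>`. Older systemd releases
# log a warning for directives they do not know and ignore them.
# Empty value = empty capability bounding set.
CapabilityBoundingSet=
# Private /dev with only pseudo-devices such as null, zero and urandom.
PrivateDevices=true
ProtectClock=true
ProtectHostname=true
ProtectKernelLogs=true
RestrictRealtime=true
# The service cannot create setuid/setgid files.
RestrictSUIDSGID=true
# Only the native system call ABI is allowed.
SystemCallArchitectures=native
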
[Install]
# `systemctl enable` hooks the service into the normal multi-user boot target.
WantedBy=multi-user.target