salt-netbox-roleproxy/roleproxy.service
Georg Pfuetzenreuter 66bb3028e7
Add service user definition
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 19:38:50 +01:00

26 lines
606 B
Desktop File

# This file is shipped as part of the salt-netbox-roleproxy package.
# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
[Unit]
Description=Salt NetBox Role Proxy
[Service]
User=_roleproxy
Group=_roleproxy
EnvironmentFile=/etc/sysconfig/roleproxy
ExecStart=/usr/local/bin/roleproxy.py
ProtectSystem=strict
ProtectHome=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_INET6 AF_INET
SystemCallArchitectures=native
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target