sso-server.service 419 B
[Unit]
Description=SSO Server
After=network.target auth-server.socket
[Service]
User=sso-server
Group=sso-server
EnvironmentFile=-/etc/default/sso-server
ExecStart=/usr/bin/sso-server --addr $ADDR
Restart=always
# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target