Skip to content
Snippets Groups Projects
Normal view Permalink
keystored.service 408 B
Newer Older
ale's avatar
CI configuration and Debian packaging
ale committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 
[Unit]
Description=User Private Key Store
After=network.target

[Service]
User=keystored
Group=keystored
EnvironmentFile=-/etc/default/keystored
ExecStart=/usr/bin/keystored --addr $ADDR
Restart=always

# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target