Skip to content
Snippets Groups Projects
Normal view Permalink
acmeserver.service 470 B
Newer Older
ale's avatar
Add Debian package metadata
ale committed
1 2 3 4 5 6 7 8 9 
[Unit]
Description=ACMEserver
After=network.target

[Service]
User=acmeserver
Group=acmeserver
EnvironmentFile=-/etc/default/acmeserver
ExecStart=/usr/bin/acmeserver --addr $ADDR
ale's avatar
Add reload support to systemd unit  
ale committed
10 
ExecReload=/bin/kill -HUP $MAINPID
ale's avatar
Add Debian package metadata
ale committed
11 12 13 14 15 16 17 18 19 
Restart=always

# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ale's avatar
Add a r/w directory  
ale committed
20 
ReadWriteDirectories=/var/lib/acme
ale's avatar
Add Debian package metadata
ale committed
21 22 23 24 25 
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target