41 lines
1.1 KiB
Desktop File
41 lines
1.1 KiB
Desktop File
[Unit]
|
|
Description=collabore tunnel Make your local services accessible to all on the public Internet
|
|
After=network.target nginx.service
|
|
|
|
[Service]
|
|
Environment=UNIX_SOCKETS_DIRECTORY=/tmp/collabore-tunnel
|
|
Environment=SERVER_HOSTNAME=tnl.clb.re
|
|
Environment=CONFIG_DIRECTORY=.
|
|
Environment=SSH_SERVER_HOST=0.0.0.0
|
|
Environment=SSH_SERVER_PORT=22
|
|
Environment=LOG_DEPTH=2
|
|
WorkingDirectory=/opt/collabore-tunnel
|
|
ExecStart=/usr/bin/python3 main.py
|
|
ExecStop=/bin/kill -9 $MAINPID
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/opt/collabore-tunnel /tmp
|
|
ReadOnlyPaths=/usr/bin
|
|
InaccessiblePaths=...
|
|
ProtectHome=true
|
|
ProtectProc=invisible
|
|
ProtectKernelTunables=true
|
|
ProtectControlGroups=true
|
|
NoNewPrivileges=true
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
RestrictNamespaces=uts ipc pid cgroup
|
|
RestrictSUIDSGID=true
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
RestrictRealtime=yes
|
|
MemoryDenyWriteExecute=yes
|
|
LockPersonality=yes
|
|
IPAddressAllow=192.168.1.0/24
|
|
PrivateDevices=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectClock=true
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|