discord-account-verification/discord-account-verification.service

[Unit]
Description=discord account verification  Account verification bot for club elec's Discord server
After=network.target

[Service]
Type=exec

# environment variables
Environment=HOME=/opt/discord-account-verification/
Environment=SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
Environment=BOT_TOKEN=
Environment=PUBLIC_CHANNEL=
Environment=DATABASE_PATH=/opt/discord-account-verification/database.db

# working directory and exec
WorkingDirectory=/opt/discord-account-verification
ExecStart=/opt/discord-account-verification/.env/bin/python3 main.py
ExecStop=/usr/bin/kill -9 $MAINPID
Restart=on-failure
RestartSec=10s
User=discord-account-verification
Group=discord-account-verification

# filesystem
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/lib/ /lib64/ /usr/lib/ /usr/lib64/ /etc/ssl/certs/
BindReadOnlyPaths=/usr/bin/python3 /usr/bin/python3.9 /usr/bin/kill
BindPaths=/opt/discord-account-verification/
PrivateTmp=true
PrivateDevices=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ReadWritePaths=

# network
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# misc
SystemCallArchitectures=native
SystemCallFilter=
NoNewPrivileges=true
RestrictRealtime=true
MemoryDenyWriteExecute=true
ProtectKernelLogs=true
LockPersonality=true
ProtectHostname=true
RemoveIPC=true
RestrictSUIDSGID=true
ProtectClock=true
ProtectProc=invisible

# capabilities
RestrictNamespaces=yes
CapabilityBoundingSet=
AmbientCapabilities=

[Install]
WantedBy=multi-user.target
First upload 2023-06-26 13:30:31 +00:00			`[Unit]`
			`Description=discord account verification Account verification bot for club elec's Discord server`
			`After=network.target`

			`[Service]`
			`Type=exec`

			`# environment variables`
			`Environment=HOME=/opt/discord-account-verification/`
Update discord-account-verification.service 2023-06-26 14:14:06 +00:00			`Environment=SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`
First upload 2023-06-26 13:30:31 +00:00			`Environment=BOT_TOKEN=`
			`Environment=PUBLIC_CHANNEL=`
			`Environment=DATABASE_PATH=/opt/discord-account-verification/database.db`

			`# working directory and exec`
			`WorkingDirectory=/opt/discord-account-verification`
			`ExecStart=/opt/discord-account-verification/.env/bin/python3 main.py`
			`ExecStop=/usr/bin/kill -9 $MAINPID`
			`Restart=on-failure`
			`RestartSec=10s`
			`User=discord-account-verification`
			`Group=discord-account-verification`

			`# filesystem`
			`TemporaryFileSystem=/:ro`
Update discord-account-verification.service 2023-06-26 14:14:06 +00:00			`BindReadOnlyPaths=/lib/ /lib64/ /usr/lib/ /usr/lib64/ /etc/ssl/certs/`
			`BindReadOnlyPaths=/usr/bin/python3 /usr/bin/python3.9 /usr/bin/kill`
			`BindPaths=/opt/discord-account-verification/`
First upload 2023-06-26 13:30:31 +00:00			`PrivateTmp=true`
			`PrivateDevices=true`
			`ProtectControlGroups=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectKernelLogs=true`
			`ReadWritePaths=`

			`# network`
			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`

			`# misc`
			`SystemCallArchitectures=native`
			`SystemCallFilter=`
			`NoNewPrivileges=true`
			`RestrictRealtime=true`
			`MemoryDenyWriteExecute=true`
			`ProtectKernelLogs=true`
			`LockPersonality=true`
			`ProtectHostname=true`
			`RemoveIPC=true`
			`RestrictSUIDSGID=true`
			`ProtectClock=true`
			`ProtectProc=invisible`

			`# capabilities`
			`RestrictNamespaces=yes`
			`CapabilityBoundingSet=`
			`AmbientCapabilities=`

			`[Install]`
			`WantedBy=multi-user.target`