summarylogtreecommitdiffstats
path: root/rqlite.service
diff options
context:
space:
mode:
authorRicardo (XenGi) Band2020-01-15 20:47:50 +0100
committerRicardo (XenGi) Band2020-01-15 20:47:50 +0100
commit681a423569f34dc49c97bd1cbbf6c7bf31467883 (patch)
tree065ef341ba33e68bf0aca16de5b2e0440228c465 /rqlite.service
parent4480b09dd2a3eeea4c03728ee8e84a522c081e48 (diff)
downloadaur-681a423569f34dc49c97bd1cbbf6c7bf31467883.tar.gz
fixed service files
Diffstat (limited to 'rqlite.service')
-rw-r--r--rqlite.service17
1 files changed, 15 insertions, 2 deletions
diff --git a/rqlite.service b/rqlite.service
index e54833b78ac..47a6047bdeb 100644
--- a/rqlite.service
+++ b/rqlite.service
@@ -7,9 +7,22 @@ Wants=network-online.target
Type=simple
User=rqlite
Group=rqlite
-ExecStart=/usr/bin/rqlited -node-id $(cat /etc/machine-id) -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 /run/rqlite
+ExecStart=/usr/bin/rqlited -http-addr 0.0.0.0:4001 -raft-addr 0.0.0.0:4002 $STATE_DIRECTORY
Restart=always
-WorkingDirectory=/run/rqlite
+# security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=yes
+StateDirectory=rqlite
+StateDirectoryMode=0750
+ConfigurationDirectory=rqlite
+ConfigurationDirectoryMode=0750
+PrivateTmp=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+
[Install]
WantedBy=multi-user.target