Add postfixadmin
This commit is contained in:
Thomas Legay
parent
e3b1112be7
commit
8681875d98
12 changed files with 228 additions and 0 deletions
35
ressources/postfixadmin/debian/mautrix-whatsapp.service
Normal file
35
ressources/postfixadmin/debian/mautrix-whatsapp.service
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
[Unit]
|
||||
Description=mautrix-whatsapp bridge
|
||||
|
||||
[Service]
|
||||
Type=exec
|
||||
User=mautrix-whatsapp
|
||||
WorkingDirectory=/var/lib/mautrix-whatsapp
|
||||
ExecStart=/usr/lib/mautrix-whatsapp/mautrix-whatsapp -c /etc/mautrix-whatsapp/config.yaml
|
||||
Restart=on-failure
|
||||
RestartSec=30s
|
||||
|
||||
# Optional hardening to improve security
|
||||
ReadWritePaths=/var/lib/mautrix-whatsapp /etc/mautrix-whatsapp
|
||||
NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=true
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=true
|
||||
RestrictSUIDSGID=true
|
||||
RestrictRealtime=true
|
||||
LockPersonality=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelModules=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue