2020-01-08 19:21:07 +01:00
|
|
|
[Unit]
|
|
|
|
|
|
|
|
|
|
Description=${SERVICE_NAME}
|
|
|
|
|
After=syslog.target
|
|
|
|
|
After=network.target
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
|
|
|
|
|
Type=simple
|
|
|
|
|
User=${SERVICE_USER}
|
|
|
|
|
Group=${SERVICE_GROUP}
|
|
|
|
|
WorkingDirectory=${SERVICE_HOME}
|
2020-01-09 16:25:05 +01:00
|
|
|
ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}'
|
2020-01-08 19:21:07 +01:00
|
|
|
|
|
|
|
|
Restart=always
|
|
|
|
|
Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME}
|
|
|
|
|
|
|
|
|
|
# Some distributions may not support these hardening directives. If you cannot
|
|
|
|
|
# start the service due to an unknown option, comment out the ones not supported
|
|
|
|
|
# by your version of systemd.
|
|
|
|
|
|
|
|
|
|
ProtectSystem=full
|
|
|
|
|
PrivateDevices=yes
|
|
|
|
|
PrivateTmp=yes
|
|
|
|
|
NoNewPrivileges=true
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
|
|
|
|
|
WantedBy=multi-user.target
|
