💾 Archived View for altesq.net › ~masqq › gemlog › content › agate.service captured on 2022-06-03 at 23:10:13.


# systemd unit for the agate server (see ExecStart= in [Service]).
[Unit]
Description=agate
# Ordering only: start after network.target when both are part of the same
# transaction. This is not a dependency and does not wait for an address to
# be configured; ExecStart= binds the wildcard addresses, so none is needed.
After=network.target

# Runs agate as an unprivileged user inside a restrictive systemd sandbox.
# Comments must stay on their own lines: systemd does not support trailing
# comments on a directive line.
# NOTE(review): directives unknown to an older systemd (for example
# PrivateIPC=, ProtectProc=, ProcSubset=) are logged and ignored, which
# leaves the sandbox weaker than it reads. Check the journal after the first
# start and audit the result with `systemd-analyze security agate.service`.
[Service]
# The started process is the main service process; no readiness notification.
Type=simple
# Dedicated non-root account; it must exist before the unit is started.
User=agate
WorkingDirectory=/srv/gemini/
# Serves /srv/gemini/ on TCP port 1965 on the IPv6 and IPv4 wildcard
# addresses, accepting TLS 1.3 only (--only-tls13).
# YOURDOMAIN.NET is a placeholder and must be replaced before deployment.
ExecStart=/usr/local/bin/agate --content /srv/gemini/ --addr [::]:1965 --addr 0.0.0.0:1965 --hostname YOURDOMAIN.NET --lang en-US --only-tls13
# Restart on every exit, clean or not.
Restart=always
# Empty assignment clears the capability bounding set: the service can hold
# no capabilities at all. Port 1965 is unprivileged, so CAP_NET_BIND_SERVICE
# is not required.
CapabilityBoundingSet=
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=yes
# Private /dev containing only pseudo-devices (null, zero, random, ...).
PrivateDevices=yes
# Own user namespace with a minimal user/group mapping.
PrivateUsers=yes
# Own IPC namespace (System V IPC and POSIX message queues).
PrivateIPC=yes
# Control group hierarchy is read-only for the service.
ProtectControlGroups=yes
# /home, /root and /run/user are inaccessible and appear empty.
ProtectHome=yes
# Own UTS namespace; host and domain name cannot be changed.
ProtectHostname=yes
# Writes to the system and hardware clock are denied.
ProtectClock=yes
# No access to the kernel log ring buffer.
ProtectKernelLogs=yes
# Explicit kernel module loading and unloading is denied.
ProtectKernelModules=yes
# Kernel tunables under /proc and /sys are read-only. "true" is the same
# boolean as the "yes" used on the other lines.
ProtectKernelTunables=true
# Processes of other users are hidden in /proc ...
ProtectProc=invisible
# ... and only the per-process part of /proc is mounted.
ProcSubset=pid
# The whole file system hierarchy is read-only, except /dev, /proc and /sys.
# NOTE(review): this includes WorkingDirectory (/srv/gemini/). If agate has
# to write there (for example to create its certificate files; confirm), add
# a ReadWritePaths= entry scoped to just that directory instead of relaxing
# ProtectSystem=.
ProtectSystem=strict
# Device access limited to the standard pseudo-devices.
DevicePolicy=closed
# Creating or joining any kind of namespace is denied.
RestrictNamespaces=yes
# Realtime scheduling policies cannot be enabled.
RestrictRealtime=yes
# The process and its children can never gain privileges through execve()
# (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Memory mappings that are writable and executable at once are denied.
MemoryDenyWriteExecute=yes
# Only system calls of the native ABI are permitted.
SystemCallArchitectures=native
# The execution domain (personality) is locked.
LockPersonality=yes
# Setting set-user-ID / set-group-ID bits on files is denied.
RestrictSUIDSGID=yes
# IPC objects owned by the service user are removed when the unit stops.
RemoveIPC=yes
# Files created by the service are accessible to their owner only.
UMask=077
# Deny-list: the leading "~" inverts the filter, so the listed system call
# groups are blocked and everything else stays allowed.
# NOTE(review): an allow-list that starts from @system-service and then
# removes groups is tighter than a deny-list; test it against agate before
# switching.
SystemCallFilter=~@clock @debug @module @reboot @privileged @cpu-emulation @obsolete @mount @resources
# Only IPv4 and IPv6 sockets may be created (no AF_UNIX, AF_NETLINK,
# AF_PACKET, ...).
RestrictAddressFamilies=AF_INET AF_INET6

# Used by `systemctl enable`: the service is pulled in by multi-user.target,
# i.e. it starts on a normal (non-rescue) boot.
[Install]
WantedBy=multi-user.target