blob: c35b14c7ecb30e14aebe4d0e5e1fbf7b12dfedfa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
[Unit]
Description=Shadow TLS
After=network.target
Wants=network.target
[Service]
Type=simple
User=nobody
ExecStart=/usr/bin/shadow-tls config -c /etc/shadow-tls/%I.json
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
PrivateTmp=true
MountFlags=private
NoNewPrivileges=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
|