blob: c8eb12a6954d0a1683318fdfef5efc657bca43d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
[Unit]
Description=Sync the ArchLinux Mirror with syncrepo
Documentation=https://wiki.archlinux.org/index.php/DeveloperWiki:NewMirrors
Requires=network-online.target
After=network-online.target
[Service]
Type=oneshot
EnvironmentFile=/usr/lib/syncrepo/syncrepo.conf
EnvironmentFile=-/etc/conf.d/syncrepo
ExecStart=/usr/bin/syncrepo
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
# Hardening
CapabilityBoundingSet=~CAP_SYS_ADMIN
ProtectSystem=full
ProtectHome=true
PrivateDevices=true
PrivateMounts=true
PrivateTmp=true
RestrictSUIDSGID=true
NoNewPrivileges=true
ReadOnlyPaths=/
ReadWritePaths=/srv
|