mirror of
https://github.com/nikdoof/hapz2m.git
synced 2026-01-30 10:28:21 +00:00
Added systemd unit file
The unit file is similar to the one I initially wrote for regelwerk, which uses DynamicUser to isolate the process.
This commit is contained in:
Darell Tan
26
hapz2m.service
Normal file
26
hapz2m.service
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=HomeKit to Zigbee2MQTT Bridge
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=exec
|
||||||
|
ExecStart=/usr/bin/hapz2m -quiet -config /var/lib/hapz2m/hapz2m.conf -db /var/lib/hapz2m/db
|
||||||
|
PrivateDevices=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectHome=yes
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
|
||||||
|
# hack for DynamicUser readable config file, systemd < 251
|
||||||
|
# see https://github.com/systemd/systemd/issues/16060#issuecomment-964168566
|
||||||
|
DynamicUser=yes
|
||||||
|
StateDirectory=hapz2m
|
||||||
|
ExecStartPre=+bash -c "install -p -m 0660 -o $(stat -L -c %%u /var/lib/hapz2m) -t /var/lib/hapz2m/ /etc/hapz2m.conf"
|
||||||
|
|
||||||
Reference in New Issue
Block a user