/lib/systemd/system → /etc/systemd/system

2 files changed, 36 insertions, 0 deletions

diff --git a/roles/lists/files/etc/systemd/system/wwsympa.service b/roles/lists/files/etc/systemd/system/wwsympa.service
new file mode 100644
index 0000000..4e3d94b
--- /dev/null
+++ b/roles/lists/files/etc/systemd/system/wwsympa.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=WWSympa Service
+After=network.target
+PartOf=sympa.service
+Requires=wwsympa.socket
+
+[Service]
+StandardInput=socket
+User=sympa
+Group=sympa
+ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+PrivateTmp=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/sympa
+ReadWriteDirectories=-/var/run/sympa
+ReadWriteDirectories=-/var/spool/sympa
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.socket b/roles/lists/files/etc/systemd/system/wwsympa.socket
new file mode 100644
index 0000000..10fe721
--- /dev/null
+++ b/roles/lists/files/etc/systemd/system/wwsympa.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=WWSympa Listen Socket
+
+[Socket]
+SocketUser=www-data
+SocketGroup=www-data
+SocketMode=0600
+ListenStream=/run/wwsympa.socket
+
+[Install]
+WantedBy=sockets.target