summaryrefslogtreecommitdiffstats
path: root/roles/lists/files/etc
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-05-31 17:39:57 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-05-31 17:39:57 +0200
commite136d3edbdb6749d4559939dc9fcbc11d166e34c (patch)
tree36e051f5675b003c38bac4fc6eec738698125437 /roles/lists/files/etc
parent789f4f2e1b01873b200b973584d1501ba32e3bfd (diff)
/lib/systemd/system → /etc/systemd/system
Diffstat (limited to 'roles/lists/files/etc')
-rw-r--r--roles/lists/files/etc/systemd/system/wwsympa.service25
-rw-r--r--roles/lists/files/etc/systemd/system/wwsympa.socket11
2 files changed, 36 insertions, 0 deletions
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.service b/roles/lists/files/etc/systemd/system/wwsympa.service
new file mode 100644
index 0000000..4e3d94b
--- /dev/null
+++ b/roles/lists/files/etc/systemd/system/wwsympa.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=WWSympa Service
+After=network.target
+PartOf=sympa.service
+Requires=wwsympa.socket
+
+[Service]
+StandardInput=socket
+User=sympa
+Group=sympa
+ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+PrivateTmp=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/sympa
+ReadWriteDirectories=-/var/run/sympa
+ReadWriteDirectories=-/var/spool/sympa
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/lists/files/etc/systemd/system/wwsympa.socket b/roles/lists/files/etc/systemd/system/wwsympa.socket
new file mode 100644
index 0000000..10fe721
--- /dev/null
+++ b/roles/lists/files/etc/systemd/system/wwsympa.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=WWSympa Listen Socket
+
+[Socket]
+SocketUser=www-data
+SocketGroup=www-data
+SocketMode=0600
+ListenStream=/run/wwsympa.socket
+
+[Install]
+WantedBy=sockets.target