summaryrefslogtreecommitdiffstats
path: root/roles/wiki/files/etc/systemd
diff options
context:
space:
mode:
Diffstat (limited to 'roles/wiki/files/etc/systemd')
-rw-r--r--roles/wiki/files/etc/systemd/system/ikiwiki.service23
-rw-r--r--roles/wiki/files/etc/systemd/system/ikiwiki.socket11
2 files changed, 34 insertions, 0 deletions
diff --git a/roles/wiki/files/etc/systemd/system/ikiwiki.service b/roles/wiki/files/etc/systemd/system/ikiwiki.service
new file mode 100644
index 0000000..3ee7d66
--- /dev/null
+++ b/roles/wiki/files/etc/systemd/system/ikiwiki.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=wiki compiler (CGI script)
+Documentation=https://ikiwiki.info/
+
+[Service]
+User=ikiwiki
+Group=ikiwiki
+ExecStart=/usr/sbin/fcgiwrap
+SyslogIdentifier=ikiwiki
+#
+# Hardening
+NoNewPrivileges=yes
+ReadWriteDirectories=/var/lib/ikiwiki/fripost-wiki
+ReadWriteDirectories=/var/lib/ikiwiki/public_html/fripost-wiki
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/wiki/files/etc/systemd/system/ikiwiki.socket b/roles/wiki/files/etc/systemd/system/ikiwiki.socket
new file mode 100644
index 0000000..8dc1a0e
--- /dev/null
+++ b/roles/wiki/files/etc/systemd/system/ikiwiki.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=wiki compiler (CGI script)
+Documentation=https://ikiwiki.info/
+
+[Socket]
+ListenStream=%t/ikiwiki.socket
+SocketUser=www-data
+SocketMode=0600
+
+[Install]
+WantedBy=sockets.target