cloudflare-ddns/systemd/cloudflare-ddns.service

[Unit]
Description=Run the Cloudflare DDNS script
# Pull in network-online.target and order this unit after it, so the run is
# not started before the network is reported as up.
Wants=network-online.target
After=network-online.target
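[Service]
# One-shot job: the command runs to completion and then exits.
Type=oneshot
# CREDENTIALS_DIRECTORY is provided by LoadCredential= and CACHE_DIRECTORY by
# CacheDirectory= (both set further down in this section).
ExecStart=/usr/bin/cloudflare-ddns run --config-file "${CREDENTIALS_DIRECTORY}/cloudflare-ddns.toml" --cache-dir "${CACHE_DIRECTORY}"

# Please modify the path after the : to point to a custom config location if you'd like.
# The service manager reads the source file and hands the service a private
# copy, so the dynamic service user needs no access to the file itself.
# NOTE(review): the file presumably holds the Cloudflare API credentials;
# keep it root-owned with mode 0600.
LoadCredential=cloudflare-ddns.toml:/etc/cloudflare-ddns.toml

# Security Hardening
# Run `systemd-analyze security cloudflare-ddns` for recommendations
NoNewPrivileges=true
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictNamespaces=true
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictSUIDSGID=true
# Empty assignment: no capabilities remain in the bounding set.
CapabilityBoundingSet=
SystemCallArchitectures=native
# Start from the @system-service allow-list, then remove the @privileged and
# @resources groups from it.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
# Hide other users' processes in /proc and expose only its per-process part.
ProtectProc=invisible
ProcSubset=pid
# Only IPv4 and IPv6 sockets may be created.
RestrictAddressFamilies=AF_INET AF_INET6
# Files created by the service get no group/other read or write bits.
UMask=066
# Run as a transient unprivileged user allocated by systemd.
DynamicUser=true
# Cache directory owned by the service user; its path is exported as
# CACHE_DIRECTORY.
CacheDirectory=cloudflare-ddns
PrivateUsers=true
ProtectHome=true

# Refuse to execute any other binary.
# ExecPaths= is only an allow-list nested inside NoExecPaths=; on its own it
# marks nothing as non-executable and restricts nothing. The library
# directories stay executable so the dynamic loader and shared objects can
# still be mapped; drop them if the binary is statically linked. The leading
# "-" ignores /usr/lib64 on systems where it does not exist.
# Verify with a test start after changing these lines.
NoExecPaths=/
ExecPaths=/usr/bin/cloudflare-ddns /usr/lib -/usr/lib64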
[Install]
# `systemctl enable` hooks this unit into multi-user.target, so it is started
# whenever that target is reached.
WantedBy=multi-user.target