This repository was archived by the owner on Dec 23, 2023. It is now read-only.
1+ [Unit]
2+ Description =MailWhale
3+ StartLimitIntervalSec =400
4+ StartLimitBurst =3
5+
6+ [Service]
7+ Type =simple
8+
9+ # Assuming MailWhale executable is under /opt/mailwhale and config file at /etc
10+ # Feel free to change this
11+ WorkingDirectory =/opt/mailwhale
12+ ExecStart =/opt/mailwhale/mailwhale -config /etc/mailwhale.yml
13+
14+ # Optionally override some config options using additional environment variables, see README for more
15+ Environment =MW_ENV =prod
16+
17+ # sudo groupadd mailwhale
18+ # sudo useradd -g mailwhale mailwhale
19+ User =mailwhale
20+ Group =mailwhale
21+ RuntimeDirectory =mailwhale # creates /run/mailwhale
22+
23+ Restart =on-failure
24+ RestartSec =90
25+
26+ # Security hardening (all optional)
27+ PrivateTmp =true
28+ PrivateUsers =true
29+ NoNewPrivileges =true
30+ ProtectSystem =full
31+ ProtectHome =true
32+ ProtectKernelTunables =true
33+ ProtectKernelModules =true
34+ ProtectKernelLogs =true
35+ ProtectControlGroups =true
36+ PrivateDevices =true
37+ CapabilityBoundingSet =CAP_NET_BIND_SERVICE
38+ ProtectClock =true
39+ RestrictSUIDSGID =true
40+ ProtectHostname =true
41+ ProtectProc =invisible
42+
43+ [Install]
44+ WantedBy =multi-user.target
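Review bot: The trailing `# creates /run/mailwhale` on the `RuntimeDirectory=` line is not a comment to systemd, which only treats lines beginning with `#` or `;` as comments, so the extra words are parsed as part of the directory list. Move the remark to its own line above and leave the setting as `RuntimeDirectory=mailwhale`. In the hardening block, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` only limits what the service may hold and grants nothing to the unprivileged `User=mailwhale`, and with `PrivateUsers=true` the process has no capabilities in the host user namespace anyway. If MailWhale listens on an unprivileged port, an empty `CapabilityBoundingSet=` is the tighter setting. If it has to bind below 1024, the unit needs `AmbientCapabilities=CAP_NET_BIND_SERVICE` and would most likely have to drop `PrivateUsers=true`.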