mirrors/ympd
1
0
Fork 0
mirror of https://github.com/SuperBFG7/ympd synced 2025-02-01 19:59:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #29 from SuperBFG7/harden

Browse Source 
Harden
This commit is contained in:
Daniel Schregenberger 2019-04-22 11:53:51 +02:00 committed by GitHub
commit 91700a2496
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/ympd.default
View File

@ -2,7 +2,6 @@ MPD_HOST=localhost
MPD_PORT=6600
MPD_PASSWORD=
WEB_PORT=8080
YMPD_USER=nobody
DIRBLE_API_TOKEN=2e223c9909593b94fc6577361a
#DIGEST=--digest /path/to/htdigest
#LOCALPORT=--localport 8080

22
contrib/ympd.service
View File

@ -3,6 +3,26 @@ Description=ympd server daemon
Requires=network.target local-fs.target
[Service]
User=nobody
DynamicUser=yes
MountAPIVFS=yes
RemoveIPC=yes
CapabilityBoundingSet=
LockPersonality=yes
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
NoNewPrivileges=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
ProtectHome=yes
Environment=MPD_HOST=localhost
Environment=MPD_PORT=6600
Environment=MPD_PASSWORD=
@ -12,7 +32,7 @@ Environment=DIRBLE_API_TOKEN=2e223c9909593b94fc6577361a
Environment=DIGEST=
Environment=LOCALPORT=
EnvironmentFile=/etc/default/ympd
ExecStart=/usr/bin/ympd --user $YMPD_USER --webport $WEB_PORT --host $MPD_HOST --port $MPD_PORT --dirbletoken $DIRBLE_API_TOKEN $DIGEST $LOCALPORT
ExecStart=/usr/bin/ympd --user $USER --webport $WEB_PORT --host $MPD_HOST --port $MPD_PORT --dirbletoken $DIRBLE_API_TOKEN $DIGEST $LOCALPORT
Type=simple
[Install]