mirror of
https://github.com/SuperBFG7/ympd
synced 2024-12-22 17:10:26 +00:00
0917b467e8
This offers a measure of protection against potential ympd vulnerabilities. See https://www.freedesktop.org/software/systemd/man/systemd.exec.html for documentation.
38 lines
925 B
Desktop File
38 lines
925 B
Desktop File
[Unit]
|
|
Description=ympd server daemon
|
|
Requires=network.target local-fs.target
|
|
|
|
[Service]
|
|
User=ympd
|
|
DynamicUser=yes
|
|
MountAPIVFS=yes
|
|
RemoveIPC=yes
|
|
CapabilityBoundingSet=
|
|
LockPersonality=yes
|
|
PrivateUsers=yes
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|
|
ProtectSystem=strict
|
|
NoNewPrivileges=yes
|
|
MemoryDenyWriteExecute=yes
|
|
RestrictRealtime=yes
|
|
RestrictNamespaces=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=yes
|
|
|
|
Environment=MPD_HOST=localhost
|
|
Environment=MPD_PORT=6600
|
|
Environment=MPD_PASSWORD=
|
|
Environment=WEB_PORT=8080
|
|
Environment=YMPD_USER=nobody
|
|
Environment=DIRBLE_API_TOKEN=2e223c9909593b94fc6577361a
|
|
EnvironmentFile=/etc/default/ympd
|
|
ExecStart=/usr/bin/ympd --user $YMPD_USER --mpdpass "$MPD_PASSWORD" --webport $WEB_PORT --host $MPD_HOST --port $MPD_PORT --dirbletoken $DIRBLE_API_TOKEN
|
|
Type=simple
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|