From 1ecc1d20e98718e715f9b30c88780d64adf6f858 Mon Sep 17 00:00:00 2001 From: Sven-Hendrik Haase Date: Mon, 3 Jun 2024 12:20:15 +0200 Subject: [PATCH] chore: Add Systemd config for self-hosted server (#1879) --- systemd/atuin-server.service | 29 +++++++++++++++++++++++++++++ systemd/atuin-server.sysusers | 1 + 2 files changed, 30 insertions(+) create mode 100644 systemd/atuin-server.service create mode 100644 systemd/atuin-server.sysusers diff --git a/systemd/atuin-server.service b/systemd/atuin-server.service new file mode 100644 index 00000000..4c203f04 --- /dev/null +++ b/systemd/atuin-server.service @@ -0,0 +1,29 @@ +[Unit] +Description=Start the Atuin server syncing service +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service + +[Service] +ExecStart=atuin server start +Restart=on-failure +User=atuin +Group=atuin + +Environment=ATUIN_CONFIG_DIR=/etc/atuin +ReadWritePaths=/etc/atuin + +# Hardening options +CapabilityBoundingSet= +AmbientCapabilities= +NoNewPrivileges=true +ProtectHome=true +ProtectSystem=strict +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +PrivateTmp=true +PrivateDevices=true +LockPersonality=true + +[Install] +WantedBy=multi-user.target diff --git a/systemd/atuin-server.sysusers b/systemd/atuin-server.sysusers new file mode 100644 index 00000000..5a8e8750 --- /dev/null +++ b/systemd/atuin-server.sysusers @@ -0,0 +1 @@ +u atuin - "Atuin synchronized shell history"