diff options
Diffstat (limited to 'roles/hastebin/templates')
| -rw-r--r-- | roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 | 35 | ||||
| -rw-r--r-- | roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 | 32 |
2 files changed, 67 insertions, 0 deletions
diff --git a/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 b/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 new file mode 100644 index 0000000..22a2a2d --- /dev/null +++ b/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 @@ -0,0 +1,35 @@ +[Unit] +Description=hastebin paste server +After=network.target +AssertPathExists={{ hastebin_install_dir }} + +[Service] +Type=simple +Environment="LISTEN_ADDRESS=127.0.0.1" +Environment="NODE_ENV=production" +EnvironmentFile=-/etc/sysconfig/hastebin +ExecStart=/usr/bin/node server.js +WorkingDirectory={{ hastebin_install_dir }} +User={{ hastebin_user }} +Group={{ hastebin_user }} +Restart=on-failure + +# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# for details +DevicePolicy=closed +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap + +ProtectSystem=full +ProtectHome=true + +[Install] +WantedBy=multi-user.target diff --git a/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 b/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 new file mode 100644 index 0000000..dcd7668 --- /dev/null +++ b/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 @@ -0,0 +1,32 @@ +{ + "host": "127.0.0.1", + "port": {{ hastebin_port }}, + "keyLength": 10, + "maxLength": 400000, + "staticMaxAge": 86400, + "recompressStaticAssets": true, + "logging": [ + { + "level": "verbose", + "type": "Console", + "colorize": false + } + ], + "keyGenerator": { + "type": "random" + }, + "rateLimits": { + "categories": { + "normal": { + "totalRequests": 500, + "every": 60000 + } + } + }, + "storage": { + "type": "file", + "path": "{{ hastebin_data_dir }}" + }, + "documents": { + } +} |