From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
.../templates/etc/systemd/system/nitter.service.j2 | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 roles/nitter/templates/etc/systemd/system/nitter.service.j2
(limited to 'roles/nitter/templates/etc/systemd/system')
diff --git a/roles/nitter/templates/etc/systemd/system/nitter.service.j2 b/roles/nitter/templates/etc/systemd/system/nitter.service.j2
new file mode 100644
index 0000000..59b0ba6
--- /dev/null
+++ b/roles/nitter/templates/etc/systemd/system/nitter.service.j2
@@ -0,0 +1,34 @@
+[Unit]
+Description=nitter twitter proxy
+After=network.target redis@{{ nitter_redis_port }}.service
+Requires=redis@{{ nitter_redis_port }}.service
+AssertPathExists={{ nitter_install_dir }}
+
+[Service]
+Type=simple
+ExecStart={{ nitter_install_dir }}/nitter
+WorkingDirectory={{ nitter_install_dir }}
+User={{ nitter_user }}
+Group={{ nitter_user }}
+Restart=always
+RestartSec=15
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
-- cgit
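Review bot: The `SystemCallFilter=~@clock … @swap` deny-list in `[Service]` is not paired with `SystemCallArchitectures=native`, which systemd.exec(5) recommends setting alongside a syscall filter so that a secondary ABI cannot be used to get around restrictions written for the native one. Adding `SystemCallArchitectures=native` next to the filter line closes that gap. The unit already runs as `{{ nitter_user }}` with `NoNewPrivileges=yes`, so an empty `CapabilityBoundingSet=` would be a cheap further restriction, assuming nitter binds an unprivileged port (the listen port is not visible in this template). `ProtectSystem=full` still leaves `/var` and, presumably, `{{ nitter_install_dir }}` writable; if nitter only needs to read its install directory, `ProtectSystem=strict` plus an explicit `ReadWritePaths=` for whatever it does write would keep the service from modifying its own binary, but that depends on directory ownership set elsewhere in the role.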