-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathkefw2ui.service
More file actions
37 lines (32 loc) · 806 Bytes
/
kefw2ui.service
File metadata and controls
37 lines (32 loc) · 806 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
[Unit]
Description=KEF W2 Speaker Controller UI
Documentation=https://github.com/hilli/kefw2ui
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=/usr/local/bin/kefw2ui --bind 0.0.0.0 --port 8080
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
# Security hardening
User=kefw2ui
Group=kefw2ui
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
# Allow reading/writing config and cache from user's home directory
ReadWritePaths=/home/kefw2ui/.config/kefw2 /home/kefw2ui/.cache/kefw2
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=kefw2ui
[Install]
WantedBy=multi-user.target