chore: Add Systemd config for self-hosted server (#1879)

author: Sven-Hendrik Haase <svenstaro@gmail.com> 2024-06-03 12:20:15 +0200
committer: GitHub <noreply@github.com> 2024-06-03 11:20:15 +0100
commit: 1ecc1d20e98718e715f9b30c88780d64adf6f858 (patch)
tree: 15e6fd6b9181a7b6d5d3852fcc34dd9811ad3fa0
parent: chore(deps): flake.lock: Update (#2072) (diff)
download: atuin-1ecc1d20e98718e715f9b30c88780d64adf6f858.zip
2 files changed, 30 insertions, 0 deletions
diff --git a/systemd/atuin-server.service b/systemd/atuin-server.service
new file mode 100644
index 00000000..4c203f04
--- /dev/null
+++ b/systemd/atuin-server.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Start the Atuin server syncing service
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+ExecStart=atuin server start
+Restart=on-failure
+User=atuin
+Group=atuin
+
+Environment=ATUIN_CONFIG_DIR=/etc/atuin
+ReadWritePaths=/etc/atuin
+
+# Hardening options
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/atuin-server.sysusers b/systemd/atuin-server.sysusers
new file mode 100644
index 00000000..5a8e8750
--- /dev/null
+++ b/systemd/atuin-server.sysusers
@@ -0,0 +1 @@
+u atuin - "Atuin synchronized shell history"
author	Sven-Hendrik Haase <svenstaro@gmail.com>	2024-06-03 12:20:15 +0200
committer	GitHub <noreply@github.com>	2024-06-03 11:20:15 +0100
commit	1ecc1d20e98718e715f9b30c88780d64adf6f858 (patch)
tree	15e6fd6b9181a7b6d5d3852fcc34dd9811ad3fa0
parent	chore(deps): flake.lock: Update (#2072) (diff)
download	atuin-1ecc1d20e98718e715f9b30c88780d64adf6f858.zip