diff options
| -rw-r--r-- | systemd/atuin-server.service | 29 | ||||
| -rw-r--r-- | systemd/atuin-server.sysusers | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/systemd/atuin-server.service b/systemd/atuin-server.service new file mode 100644 index 00000000..4c203f04 --- /dev/null +++ b/systemd/atuin-server.service @@ -0,0 +1,29 @@ +[Unit] +Description=Start the Atuin server syncing service +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service + +[Service] +ExecStart=atuin server start +Restart=on-failure +User=atuin +Group=atuin + +Environment=ATUIN_CONFIG_DIR=/etc/atuin +ReadWritePaths=/etc/atuin + +# Hardening options +CapabilityBoundingSet= +AmbientCapabilities= +NoNewPrivileges=true +ProtectHome=true +ProtectSystem=strict +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +PrivateTmp=true +PrivateDevices=true +LockPersonality=true + +[Install] +WantedBy=multi-user.target diff --git a/systemd/atuin-server.sysusers b/systemd/atuin-server.sysusers new file mode 100644 index 00000000..5a8e8750 --- /dev/null +++ b/systemd/atuin-server.sysusers @@ -0,0 +1 @@ +u atuin - "Atuin synchronized shell history" |