This repository has been archived by the owner on Dec 23, 2023. It is now read-only.

chore: add systemd service unit example
muety committed Feb 26, 2023
1 parent 44d5705 commit 37e2fcc
Showing 1 changed file with 44 additions and 0 deletions.
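--- a/etc/mailwhale.service
+++ b/etc/mailwhale.service
@@ -0,0 +1,44 @@
+[Unit]
+Description=MailWhale
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=simple
+
+# Assuming MailWhale executable is under /opt/mailwhale and config file at /etc
+# Feel free to change this
+WorkingDirectory=/opt/mailwhale
+ExecStart=/opt/mailwhale/mailwhale -config /etc/mailwhale.yml
+
+# Optionally override some config options using additional environment variables, see README for more
+Environment=MW_ENV=prod
+
+# sudo groupadd mailwhale
+# sudo useradd -g mailwhale mailwhale
+User=mailwhale
+Group=mailwhale
+RuntimeDirectory=mailwhale # creates /run/mailwhale
+
+Restart=on-failure
+RestartSec=90
+
+# Security hardening (all optional)
+PrivateTmp=true
+PrivateUsers=true
+NoNewPrivileges=true
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectClock=true
+RestrictSUIDSGID=true
+ProtectHostname=true
+ProtectProc=invisible
+
+[Install]
+WantedBy=multi-user.target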
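Review bot: The `RuntimeDirectory=mailwhale # creates /run/mailwhale` line in `[Service]` carries a trailing comment, but systemd only treats `#` as a comment marker at the start of a line, so the comment text is parsed as part of the value. Because RuntimeDirectory= takes a whitespace-separated list of relative names, this most likely produces stray entries (`#`, `creates`) and a rejected absolute path instead of the single intended directory; put the comment on its own line, `# creates /run/mailwhale`, followed by `RuntimeDirectory=mailwhale`. Separately, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` only caps what the process may hold and grants nothing to the non-root `User=mailwhale`. If the service listens on an unprivileged port, an empty `CapabilityBoundingSet=` would be the tighter setting; if it really needs a port below 1024, an `AmbientCapabilities=CAP_NET_BIND_SERVICE` line would be needed as well, and its interaction with `PrivateUsers=true` should be tested.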
