Выгрузка F7cloud_HPB
This commit is contained in:
root
@@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=coTURN STUN/TURN Server
|
||||
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=turnserver
|
||||
Group=turnserver
|
||||
Type=notify
|
||||
ExecStart=/usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
|
||||
Restart=on-failure
|
||||
InaccessibleDirectories=/home
|
||||
PrivateTmp=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Janus WebRTC gateway
|
||||
After=network.target
|
||||
Documentation=https://janus.conf.meetecho.com/docs/index.html
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/janus --disable-colors --daemon --log-stdout
|
||||
Restart=on-failure
|
||||
LimitNOFILE=65536
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=NATS Server
|
||||
After=network.target ntp.service
|
||||
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=simple
|
||||
ExecStart=/usr/sbin/nats-server -c /etc/nats-server.conf
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
ExecStop=/bin/kill -s SIGINT $MAINPID
|
||||
User=nats
|
||||
Group=nats
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -0,0 +1,43 @@
|
||||
[Unit]
|
||||
Description=Nextcloud Talk signaling server
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/signaling --config /etc/f7cloud-spreed-signaling/server.conf
|
||||
User=_signaling
|
||||
Group=_signaling
|
||||
Restart=on-failure
|
||||
|
||||
# Makes sure that /etc/signaling is owned by this service
|
||||
ConfigurationDirectory=signaling
|
||||
|
||||
# Hardening - see systemd.exec(5)
|
||||
CapabilityBoundingSet=
|
||||
ExecPaths=/usr/bin/signaling /usr/lib /usr/lib64
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoExecPaths=/
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
PrivateUsers=yes
|
||||
ProcSubset=pid
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=strict
|
||||
RemoveIPC=yes
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~ @privileged
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user