projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DynamicUser and python don't mix, apply by hand instead
[mirror/dsa-puppet.git] / modules / roles / templates / mirror-health.service.erb
diff --git a/modules/roles/templates/mirror-health.service.erb b/modules/roles/templates/mirror-health.service.erb
index 6158951..badcd33 100644 (file)
--- a/modules/roles/templates/mirror-health.service.erb
+++ b/modules/roles/templates/mirror-health.service.erb
@@ -9,7 +9,11 @@ Description=Mirror health checking <%= @healthcheck_service %>
 [Service]
 ExecStart=/usr/local/sbin/mirror-health
 RuntimeDirectory=dsa-mirror-health-<%= @healthcheck_service %>
-DynamicUser=true
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=true
+User=nobody
+Group=nogroup
 
 Environment="MIRROR_CHECK_SERVICE=<%= @check_service %>"
 Environment="MIRROR_CHECK_URL=<%= @url %>"
Unnamed repository; edit this file 'description' to name the repository.