]> WPIA git - infra.git/blobdiff - modules/gitweb/files/git@.service
projects / infra.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add: gitweb service
[infra.git] / modules / gitweb / files / git@.service
diff --git a/modules/gitweb/files/git@.service b/modules/gitweb/files/git@.service
new file mode 100644 (file)
index 0000000..0dcbf7f
--- /dev/null
+++ b/modules/gitweb/files/git@.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=git daemon
+Documentation=man:git-daemon(1)
+
+[Service]
+ExecStart=/usr/bin/git daemon --inetd --verbose --export-all --base-path=/srv/git
+StandardInput=socket
+StandardOutput=socket
+StandardError=journal
+User=git
+
+# sandboxing options, see systemd.exec(5)
+NoNewPrivileges=yes
+PrivateNetwork=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ReadOnlyDirectories=/
+SystemCallArchitectures=native
+RestrictRealtime=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
WPIA Technical Infrastructure