pool/Radicale
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
Radicale/radicale.service

53 lines
1.2 KiB
SYSTEMD
Raw Permalink Normal View History

- Set "radicale" as the syslog identifier (replacing the generic "python3") when started via systemd (Thanks for David Walker for the suggestion in https://bugzilla.suse.com/show_bug.cgi?id=1248151) - Update to 3.5.5 * Improve: [auth] ldap: do not read server info by bind to avoid needless network traffic * Improve: add details about platform and effective user on startup * Improve: display owner+permissions on directories on startup, extend error message in case of missing permissions * Improve: add options [logging] trace_on_debug and trace_filter for supporting trace logging * Improve: catch items having tzinfo only on dtstart or dtend set for whatever reason, overtake tzinfo from the other one * Improve: conditional log level for base_prefix strip action depending on auth and web type * Fix: [storage] broken support of 'folder_umask' * Fix: logging ignores not retrievable get_native_id if not supported by OS * Fix: report with enabled expand honors now provided filter proper * Fix: catch case where getpwuid is not returning a username * Fix: add support for query without comp-type * Fix: expanded event with dates are missing VALUE=DATE * Fix: storage hook path now added to DELETE, MKCOL, MKCALENDAR, MOVE, and PROPPATCH * Feature: add hook for server-side e-mail notification * Add: [hook] dryrun: option to disable real hook action for testing, add tests for email+rabbitmq * Add: storage hook placeholder now supports "request" and "to_path" (MOVE only) OBS-URL: https://build.opensuse.org/package/show/network/Radicale?expand=0&rev=66
2025-08-22 10:27:53 +00:00
[Unit]
Description=Radicale CalDAV (calendar) and CardDAV (contact) server
Documentation=https://radicale.org
After=network-online.target
Wants=network-online.target
[Service]
User=radicale
Group=radicale
ExecStart=/usr/bin/python3 -m radicale
Restart=on-failure
# To cope with error message "Address family for hostname not supported"
# (EAFNOSUPPORT) during startup
RestartSec=2
# Deny other users access to the calendar data
UMask=0027
# To have a unique entry in syslog (instead of python3)
SyslogIdentifier=radicale
# Additional security settings
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DevicePolicy=closed
IPAccounting=true
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateIPC=true
PrivateTmp=true
PrivateUsers=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadOnlyPaths=/
ReadWritePaths=/var/lib/radicale/collections
RemoveIPC=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target
Reference in New Issue Copy Permalink