2021-05-05 11:08:17 +02:00
|
|
|
[Unit]
|
|
|
|
|
Description=Caddy
|
|
|
|
|
Documentation=https://caddyserver.com/docs/
|
|
|
|
|
After=network.target network-online.target
|
|
|
|
|
Requires=network-online.target
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
User=caddy
|
|
|
|
|
Group=caddy
|
|
|
|
|
ExecStart=/usr/bin/caddy run --resume --environ --config /etc/caddy/Caddyfile
|
|
|
|
|
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
|
|
|
|
|
TimeoutStopSec=5s
|
|
|
|
|
LimitNOFILE=1048576
|
|
|
|
|
LimitNPROC=512
|
|
|
|
|
PrivateTmp=true
|
|
|
|
|
ProtectSystem=full
|
2021-09-02 16:38:26 +02:00
|
|
|
# added automatically, for details please see
|
|
|
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
|
|
|
ProtectHome=true
|
|
|
|
|
PrivateDevices=true
|
|
|
|
|
ProtectHostname=true
|
|
|
|
|
ProtectClock=true
|
|
|
|
|
ProtectKernelTunables=true
|
|
|
|
|
ProtectKernelModules=true
|
|
|
|
|
ProtectKernelLogs=true
|
|
|
|
|
ProtectControlGroups=true
|
|
|
|
|
RestrictRealtime=true
|
|
|
|
|
# end of automatic additions
|
2021-05-05 11:08:17 +02:00
|
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=multi-user.target
|
