mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-04-27 12:32:10 +02:00
34 lines
800 B
Plaintext
34 lines
800 B
Plaintext
[Unit]
|
|
Description=oauth2-proxy daemon service
|
|
After=network.target network-online.target nss-lookup.target basic.target
|
|
Wants=network-online.target nss-lookup.target
|
|
StartLimitIntervalSec=30
|
|
StartLimitBurst=3
|
|
|
|
[Service]
|
|
User=oauth2-proxy
|
|
Group=oauth2-proxy
|
|
Restart=on-failure
|
|
RestartSec=30
|
|
WorkingDirectory=/etc/oauth2-proxy
|
|
ExecStart=/usr/bin/oauth2-proxy --config=/etc/oauth2-proxy/oauth2-proxy.cfg
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
LimitNOFILE=65535
|
|
NoNewPrivileges=true
|
|
ProtectHome=true
|
|
ProtectSystem=full
|
|
ProtectHostname=true
|
|
ProtectControlGroups=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
LockPersonality=true
|
|
RestrictRealtime=yes
|
|
RestrictNamespaces=yes
|
|
MemoryDenyWriteExecute=yes
|
|
PrivateDevices=yes
|
|
PrivateTmp=true
|
|
CapabilityBoundingSet=
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|