diff --git a/gitea/gitea.service b/gitea/gitea.service
index 22d2d06..0c33c7a 100644
--- a/gitea/gitea.service
+++ b/gitea/gitea.service
@@ -1,18 +1,60 @@
 [Unit]
 Description=Gitea git hosting.
+After=mariadb.service
 [Service]
 Execstart=/usr/bin/gitea web
 User=git
 Group=git
-RuntimeDirectory=gitea
-StateDirectory=gitea
-ConfigurationDirectory=gitea
-
 PIDFile=/run/gitea/gitea.pid
 PrivateDevices=yes
+MemoryMax=1G
+MemoryHigh=750M
+MemorySwapMax=1G
+
+CPUWeight=50
+
+ConfigurationDirectory=gitea
+RuntimeDirectory=gitea
+StateDirectory=gitea
+
+Restart=always
+
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+
+DevicePolicy=closed
+
+ProtectSystem=strict
+ProtectHome=tmpfs
+BindPaths=/home/git
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=true
+ProtectKernelLogs=yes
+ProtectHostname=yes
+
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+NoNewPrivileges=yes
+LockPersonality=yes
+
+ReadWritePaths=/srv/containers/git
+MemoryDenyWriteExecute=yes
+
+#SystemCallFilter=@file-system
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
 [Install]
 WantedBy=multi-user.target
diff --git a/gitea/newpackage.spec b/gitea/newpackage.spec
deleted file mode 100644
index 7e22ccf..0000000
--- a/gitea/newpackage.spec
+++ /dev/null
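Review bot: The unchanged context line `Execstart=/usr/bin/gitea web` is still misspelled; systemd directive names are case-sensitive, so it should read `ExecStart=/usr/bin/gitea web`, otherwise the key is ignored as unknown and the unit has no start command for the new sandboxing to apply to. `RestrictAddressFamilies=AF_INET AF_INET6` leaves out AF_UNIX while the unit is now ordered after mariadb.service: if Gitea reaches MariaDB through its local socket that connection will fail, so either confirm the database is reached over TCP or use `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`. The added `PrivateDevices=true` duplicates the retained `PrivateDevices=yes`, and the commented-out `#SystemCallFilter=@file-system` can be dropped. Running `systemd-analyze verify` on the file should flag the unknown key, and `systemd-analyze security gitea.service` after install shows which hardening options are still unset.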
@@ -1,62 +0,0 @@
-%global forgeurl https://github.com/go-gitea/gitea
-Version: 1.13.2
-
-%forgemeta
-
-Name: gitea
-Release: 1%{?dist}
-Summary: Gitea
-
-License: MIT
-URL: %forgeurl
-Source0: %forgesource
-Source1: gitea.service
-
-BuildRequires: golang
-BuildRequires: nodejs
-BuildRequires: systemd-rpm-macros
-BuildRequires: gcc
-
-%description
-Gitea
-
-%global debug_package %{nil}
-
-%post
-%systemd_post gitea.service
-
-%preun
-%systemd_preun gitea.service
-
-%postun
-%systemd_postun_with_restart gitea.service
-
-%prep
-%autosetup
-
-%build
-%global ldflags -X \"code.gitea.io/gitea/modules/setting.CustomPath=/etc/gitea/\" -X \"code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/gitea\" -X \"code.gitea.io/gitea/modules/setting.StaticRootPath=/var/lib/gitea/static\" -X \"code.gitea.io/gitea/modules/setting.PIDFile=/run/gitea/gitea.pid\"
-TAGS="bindata" LDFLAGS="%{ldflags}" %{__make} build
-
-%install
-install -m 0755 -D gitea %{buildroot}%{_bindir}/gitea
-
-install -D %{SOURCE1} %{buildroot}%{_unitdir}/gitea.service
-
-mkdir -p %{buildroot}%{_sysconfdir}/gitea
-mkdir -p %{buildroot}%{_libdir}/gitea
-mkdir -p %{buildroot}%{_rundir}/gitea
-
-%files
-%license LICENSE
-%doc README.md
-
-%config(noreplace) %{_sysconfdir}/gitea
-%{_rundir}/gitea
-%{_libdir}/gitea
-/usr/bin/gitea
-%{_unitdir}/gitea.service
-
-%changelog
-* Wed Feb 24 18:41:47 GMT 2021 Alex Manning
--