Service file changes

2021-02-26 12:07:11 +00:00 · 2021-02-26 12:07:11 +00:00 · cac1c44b04
commit cac1c44b04
parent 269e501c57
2 changed files with 46 additions and 66 deletions
--- a/gitea/gitea.service
+++ b/gitea/gitea.service
@ -1,18 +1,60 @@
 [Unit]
 Description=Gitea git hosting.
+After=mariadb.service

 [Service]
 Execstart=/usr/bin/gitea web
 User=git
 Group=git

-RuntimeDirectory=gitea
-StateDirectory=gitea
-ConfigurationDirectory=gitea
-
 PIDFile=/run/gitea/gitea.pid

 PrivateDevices=yes

+MemoryMax=1G
+MemoryHigh=750M
+MemorySwapMax=1G
+
+CPUWeight=50
+
+ConfigurationDirectory=gitea
+RuntimeDirectory=gitea
+StateDirectory=gitea
+
+Restart=always
+
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+
+DevicePolicy=closed
+
+ProtectSystem=strict
+ProtectHome=tmpfs
+BindPaths=/home/git
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=true
+ProtectKernelLogs=yes
+ProtectHostname=yes
+
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+NoNewPrivileges=yes
+LockPersonality=yes
+
+ReadWritePaths=/srv/containers/git
+MemoryDenyWriteExecute=yes
+
+#SystemCallFilter=@file-system
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
 [Install]
 WantedBy=multi-user.target
--- a/gitea/newpackage.spec
+++ b/gitea/newpackage.spec
@ -1,62 +0,0 @@
-%global forgeurl https://github.com/go-gitea/gitea
-Version: 1.13.2
-
-%forgemeta
-
-Name:           gitea
-Release:        1%{?dist}
-Summary:        Gitea
-
-License:        MIT
-URL:            %forgeurl
-Source0:        %forgesource
-Source1:        gitea.service
-
-BuildRequires:  golang
-BuildRequires:  nodejs
-BuildRequires:  systemd-rpm-macros
-BuildRequires:  gcc
-
-%description
-Gitea
-
-%global debug_package %{nil}
-
-%post
-%systemd_post gitea.service
-
-%preun
-%systemd_preun gitea.service
-
-%postun
-%systemd_postun_with_restart gitea.service
-
-%prep
-%autosetup
-
-%build
-%global ldflags -X \"code.gitea.io/gitea/modules/setting.CustomPath=/etc/gitea/\" -X \"code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/gitea\" -X \"code.gitea.io/gitea/modules/setting.StaticRootPath=/var/lib/gitea/static\" -X \"code.gitea.io/gitea/modules/setting.PIDFile=/run/gitea/gitea.pid\"
-TAGS="bindata" LDFLAGS="%{ldflags}" %{__make} build
-
-%install
-install -m 0755 -D gitea %{buildroot}%{_bindir}/gitea
-
-install -D %{SOURCE1} %{buildroot}%{_unitdir}/gitea.service
-
-mkdir -p %{buildroot}%{_sysconfdir}/gitea
-mkdir -p %{buildroot}%{_libdir}/gitea
-mkdir -p %{buildroot}%{_rundir}/gitea
-
-%files
-%license LICENSE
-%doc README.md
-
-%config(noreplace) %{_sysconfdir}/gitea
-%{_rundir}/gitea
-%{_libdir}/gitea
-/usr/bin/gitea
-%{_unitdir}/gitea.service
-
-%changelog
-* Wed Feb 24 18:41:47 GMT 2021 Alex Manning <git@alex-m.co.uk>
-