build, etc: Add systemd units and ufw rules for relay and discovery (fixes #5115) (#5350)

2019-08-08 18:04:52 +02:00
parent edf2399ce6
commit 7b37d453f9
9 changed files with 90 additions and 8 deletions
--- a/cmd/stdiscosrv/etc/linux-systemd/default
+++ b/cmd/stdiscosrv/etc/linux-systemd/default
@@ -0,0 +1,3 @@
+# Default settings for syncthing-relaysrv (strelaysrv).
+## Add Options here:
+DISCOSRV_OPTS=
--- a/cmd/stdiscosrv/etc/linux-systemd/stdiscosrv.service
+++ b/cmd/stdiscosrv/etc/linux-systemd/stdiscosrv.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Syncthing Discovery Server
+After=network.target
+Documentation=man:stdiscosrv(1)
+
+[Service]
+WorkingDirectory=/var/lib/syncthing-discosrv
+EnvironmentFile=/etc/default/syncthing-discosrv
+ExecStart=/usr/bin/stdiscosrv $DISCOSRV_OPTS
+
+# Hardening
+User=syncthing-discosrv
+Group=syncthing
+ProtectSystem=strict
+ReadWritePaths=/var/lib/syncthing-discosrv
+NoNewPrivileges=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
+Alias=syncthing-discosrv.service