39
data/systemd/debai.service
Archivo normal
39
data/systemd/debai.service
Archivo normal
@@ -0,0 +1,39 @@
|
||||
[Unit]
|
||||
Description=Debai AI Agent Management System
|
||||
Documentation=man:debai(1)
|
||||
After=network.target docker.service
|
||||
Wants=docker.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
User=debai
|
||||
Group=debai
|
||||
ExecStart=/usr/bin/debai daemon
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
RestartSec=10
|
||||
TimeoutStartSec=60
|
||||
TimeoutStopSec=30
|
||||
|
||||
# Security hardening
|
||||
NoNewPrivileges=yes
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectControlGroups=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
|
||||
# Allow network and Docker socket access
|
||||
PrivateNetwork=no
|
||||
ReadWritePaths=/var/lib/debai /var/log/debai /run/docker.sock
|
||||
|
||||
# Capabilities
|
||||
CapabilityBoundingSet=
|
||||
AmbientCapabilities=
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Referencia en una nueva incidencia
Block a user