libeufin

Integration and sandbox testing for FinTech APIs and data formats
Log | Files | Refs | Submodules | README | LICENSE
commit 3b1be04328f24b4f9719e3df978ccfe5311b3e2e
parent 8e85df18b90c6f0077e5f66d2de9bd63df41476a
Author: Antoine A <>
Date:   Thu,  5 Dec 2024 17:30:49 +0100

common: systemd slices and security config

Diffstat:

Mdebian/libeufin-bank.libeufin-bank-gc.service | 7+++++++


Mdebian/libeufin-bank.libeufin-bank.service | 6++++++


Adebian/libeufin-bank.libeufin-bank.slice | 7+++++++


Mdebian/libeufin-nexus.libeufin-nexus-ebics-fetch.service | 6++++++


Mdebian/libeufin-nexus.libeufin-nexus-ebics-submit.service | 6++++++


Mdebian/libeufin-nexus.libeufin-nexus-httpd.service | 6++++++


Adebian/libeufin-nexus.libeufin-nexus.slice | 7+++++++


7 files changed, 45 insertions(+), 0 deletions(-)

diff --git a/debian/libeufin-bank.libeufin-bank-gc.service b/debian/libeufin-bank.libeufin-bank-gc.service
@@ -6,3 +6,9 @@ PartOf=libeufin-bank.target
 [Service]
 User=libeufin-bank
 ExecStart=/usr/bin/libeufin-bank gc -c /etc/libeufin/libeufin-bank.conf
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=libeufin-bank.slice
+\ No newline at end of file
diff --git a/debian/libeufin-bank.libeufin-bank.service b/debian/libeufin-bank.libeufin-bank.service
@@ -8,6 +8,12 @@ User=libeufin-bank
 ExecStart=/usr/bin/libeufin-bank serve -c /etc/libeufin/libeufin-bank.conf
 Restart=on-failure
 RestartSec=1s
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=libeufin-bank.slice
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/libeufin-bank.libeufin-bank.slice b/debian/libeufin-bank.libeufin-bank.slice
@@ -0,0 +1,7 @@
+[Unit]
+Description=Slice for GNU Taler LibEuFin Bank processes
+Before=slices.target
+
+[Slice]
+# Add settings that should affect all GNU Taler LibEuFin Bank
+# components here.
diff --git a/debian/libeufin-nexus.libeufin-nexus-ebics-fetch.service b/debian/libeufin-nexus.libeufin-nexus-ebics-fetch.service
@@ -8,6 +8,12 @@ User=libeufin-nexus
 ExecStart=/usr/bin/libeufin-nexus ebics-fetch -c /etc/libeufin/libeufin-nexus.conf
 Restart=on-failure
 RestartSec=1s
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=libeufin-nexus.slice
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/libeufin-nexus.libeufin-nexus-ebics-submit.service b/debian/libeufin-nexus.libeufin-nexus-ebics-submit.service
@@ -8,6 +8,12 @@ User=libeufin-nexus
 ExecStart=/usr/bin/libeufin-nexus ebics-submit -c /etc/libeufin/libeufin-nexus.conf
 Restart=on-failure
 RestartSec=1s
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=libeufin-nexus.slice
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/libeufin-nexus.libeufin-nexus-httpd.service b/debian/libeufin-nexus.libeufin-nexus-httpd.service
@@ -9,6 +9,12 @@ ExecStart=/usr/bin/libeufin-nexus serve -c /etc/libeufin/libeufin-nexus.conf
 ExecCondition=/usr/bin/libeufin-nexus serve -c /etc/libeufin/libeufin-nexus.conf --check
 Restart=on-failure
 RestartSec=1s
+StandardOutput=journal
+StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+Slice=libeufin-nexus.slice
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/libeufin-nexus.libeufin-nexus.slice b/debian/libeufin-nexus.libeufin-nexus.slice
@@ -0,0 +1,7 @@
+[Unit]
+Description=Slice for GNU Taler LibEuFin Nexus processes
+Before=slices.target
+
+[Slice]
+# Add settings that should affect all GNU Taler LibEuFin Nexus
+# components here.