avail-mon: small enh., use apprise for notif, add .service
Signed-off-by: Martin Matous <m@matous.dev>
This commit is contained in:
parent
85a34dc79a
commit
02e59ce7e2
GPG key ID:
8BED4CD352953224
3 changed files with 101 additions and 62 deletions
45
availability-monitor.service
Normal file
45
availability-monitor.service
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
[Unit]
|
||||
Description=Server services monitoring
|
||||
After=network-online.target graphical-session.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile=%h/.config/private-env/availability-monitor.env
|
||||
ExecStart=/usr/local/bin/availability-monitor.py 3600
|
||||
|
||||
AmbientCapabilities=
|
||||
CapabilityBoundingSet=
|
||||
InaccessiblePaths=/home /root
|
||||
KeyringMode=private
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateIPC=true
|
||||
PrivateMounts=true
|
||||
PrivateTmp=true
|
||||
PrivateUsers=true
|
||||
ProcSubset=pid
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
# can't override rw for %t/bus if "true" (completely inaccessible /run)
|
||||
# rw necessary for notif
|
||||
ProtectHome=read-only
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectProc=noaccess
|
||||
ProtectSystem=strict
|
||||
ReadWritePaths=%t/bus
|
||||
# AF_UNIX for dbus (notifications), net for checking (duh)
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
UMask=0277
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue