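# systemd service unit for GoTermix, a web terminal.
# The service hands a shell to whoever can reach the listener, so the account
# chosen under "User" and the address given to -addr decide the exposure.

[Unit]
Description=GoTermix — web terminal
Documentation=https://ghb.freebede.com/nahakubuilder/gotermix
After=network.target
Wants=network.target

[Service]
Type=simple

# ── User ─────────────────────────────────────────────────────────────
# Option A (default): run as your own user so the terminal inherits
# your permissions, sudo rights, and home directory.
# Replace "youruser" with the actual username.
# Anyone who gets a session in the web terminal acts as this account,
# including whatever sudo rules it has.
User=youruser
Group=youruser

# Option B: dedicated unprivileged system user (no sudo inside terminal).
# Create first: useradd --system --no-create-home --shell /sbin/nologin gotermix
# Then swap the User/Group lines above.
# This unit has no NoNewPrivileges= line to remove. Option B does not need
# sudo, so it can enable the setting by uncommenting the next line.
# NoNewPrivileges=true

# Working directory — binary, gws-creds.json and gotermix.log live here.
# gws-creds.json holds credentials: keep it readable only by the service
# account. NOTE(review): if that account can also write the binary, a
# terminal session can replace it — consider a root-owned, read-only binary.
WorkingDirectory=/opt/gotermix

# Absolute path to the binary.
# -addr 0.0.0.0:5000 listens on every interface. This unit does not show
# whether GoTermix provides TLS or authentication on that port — confirm
# before exposing it. To keep the listener local and publish it through a
# TLS-terminating, authenticating reverse proxy, use -addr 127.0.0.1:5000.
ExecStart=/opt/gotermix/gotermix -addr 0.0.0.0:5000

# Restart policy
Restart=on-failure
RestartSec=5s

# Kernel hardening — intended for both options.
# NOTE(review): systemd.exec(5) documents that ProtectKernelModules=,
# ProtectKernelTunables=, RestrictAddressFamilies=, RestrictRealtime= and
# LockPersonality= imply NoNewPrivileges=yes for services running without
# CAP_SYS_ADMIN (e.g. with User= set). Where that applies, sudo will not
# work inside the terminal under Option A. Check the running service with:
#   grep NoNewPrivs /proc/<MainPID>/status
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true

# Restrict address families to IPv4/IPv6/Unix sockets.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

RestrictRealtime=true
LockPersonality=true

[Install]
WantedBy=multi-user.target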