Add dnssec validating recursive resolver and razorfy+rspamd users

2021-05-21 08:46:35 +02:00
parent c5722c4c2c
commit 3d96c2ca70
6 changed files with 68 additions and 8 deletions
--- a/etc/systemd/system/razorfy.service
+++ b/etc/systemd/system/razorfy.service
@ -0,0 +1,32 @@
+[Unit]
+Description=Razorfy Service
+Requires=network.target local-fs.target time-sync.target
+
+[Service]
+Type=simple
+User=razorfy
+Group=razorfy
+
+EnvironmentFile=/etc/razorfy.conf
+ExecStart=/usr/local/bin/razorfy.pl
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill $MAINPID
+
+Restart=always
+RestartSec=3
+
+PIDFile=/var/run/razor.pid
+TimeoutStopSec=30
+
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/rspamd.service
+++ b/etc/systemd/system/rspamd.service
@ -0,0 +1,17 @@
+[Unit]
+Description=rapid spam filtering system
+After=nss-lookup.target network-online.target
+Documentation=https://rspamd.com/doc/
+
+[Service]
+LimitNOFILE=1048576
+NonBlocking=true
+ExecStart=/usr/local/bin/rspamd -c /usr/local/etc/rspamd/rspamd.conf -f
+ExecReload=/bin/kill -HUP $MAINPID
+User=_rspamd
+RuntimeDirectory=rspamd
+RuntimeDirectoryMode=0755
+Restart=always
+
+[Install]
+WantedBy=multi-user.target