From 4139c63d23a1f4cc427eb428bcff0594c395c1c5 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Wed, 8 Jan 2020 19:21:07 +0100 Subject: utils/filtron.sh: add script to install filtron middleware Signed-off-by: Markus Heiser --- utils/templates/lib/systemd/system/filtron.service | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 utils/templates/lib/systemd/system/filtron.service (limited to 'utils/templates/lib/systemd/system') diff --git a/utils/templates/lib/systemd/system/filtron.service b/utils/templates/lib/systemd/system/filtron.service new file mode 100644 index 000000000..fdb67731a --- /dev/null +++ b/utils/templates/lib/systemd/system/filtron.service @@ -0,0 +1,29 @@ +[Unit] + +Description=${SERVICE_NAME} +After=syslog.target +After=network.target + +[Service] + +Type=simple +User=${SERVICE_USER} +Group=${SERVICE_GROUP} +WorkingDirectory=${SERVICE_HOME} +ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -rules ${FILTRON_RULES} + +Restart=always +Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} + +# Some distributions may not support these hardening directives. If you cannot +# start the service due to an unknown option, comment out the ones not supported +# by your version of systemd. + +ProtectSystem=full +PrivateDevices=yes +PrivateTmp=yes +NoNewPrivileges=true + +[Install] + +WantedBy=multi-user.target -- cgit v1.2.3 From 4990b07b4bc42b0caf0d890f8c81c3545bbb807b Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 9 Jan 2020 16:25:05 +0100 Subject: utils/filtron.sh: various fix from first installation test (WIP) Signed-off-by: Markus Heiser --- utils/templates/lib/systemd/system/filtron.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'utils/templates/lib/systemd/system') diff --git a/utils/templates/lib/systemd/system/filtron.service b/utils/templates/lib/systemd/system/filtron.service index fdb67731a..3b0c6edcc 100644 --- a/utils/templates/lib/systemd/system/filtron.service +++ b/utils/templates/lib/systemd/system/filtron.service @@ -10,7 +10,7 @@ Type=simple User=${SERVICE_USER} Group=${SERVICE_GROUP} WorkingDirectory=${SERVICE_HOME} -ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -rules ${FILTRON_RULES} +ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}' Restart=always Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} -- cgit v1.2.3 From a4437c47ac0bd22cd7f5aaa8e7895cdd8e93a317 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Sun, 2 Feb 2020 18:14:10 +0100 Subject: utils/morty.sh: add script to install morty result proxy Signed-off-by: Markus Heiser --- utils/templates/lib/systemd/system/morty.service | 29 ++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 utils/templates/lib/systemd/system/morty.service (limited to 'utils/templates/lib/systemd/system') diff --git a/utils/templates/lib/systemd/system/morty.service b/utils/templates/lib/systemd/system/morty.service new file mode 100644 index 000000000..d463c5097 --- /dev/null +++ b/utils/templates/lib/systemd/system/morty.service @@ -0,0 +1,29 @@ +[Unit] + +Description=${SERVICE_NAME} +After=syslog.target +After=network.target + +[Service] + +Type=simple +User=${SERVICE_USER} +Group=${SERVICE_GROUP} +WorkingDirectory=${SERVICE_HOME} +ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} + +Restart=always +Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} DEBUG=${SERVICE_ENV_DEBUG} + +# Some distributions may not support these hardening directives. If you cannot +# start the service due to an unknown option, comment out the ones not supported +# by your version of systemd. + +ProtectSystem=full +PrivateDevices=yes +PrivateTmp=yes +NoNewPrivileges=true + +[Install] + +WantedBy=multi-user.target -- cgit v1.2.3 From ea3255835a259516c7a8b62eb319a338cebf7e9f Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 28 Apr 2020 16:21:45 +0200 Subject: utils/morty.sh: set morty key to avoid service abuse - https://github.com/asciimoo/searx/issues/1871#issuecomment-592459798 make install all generates random MORTY_KEY, install service with that key and sets option in the searx settingy.yml file. Signed-off-by: Markus Heiser --- utils/templates/lib/systemd/system/morty.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'utils/templates/lib/systemd/system') diff --git a/utils/templates/lib/systemd/system/morty.service b/utils/templates/lib/systemd/system/morty.service index d463c5097..25b676b51 100644 --- a/utils/templates/lib/systemd/system/morty.service +++ b/utils/templates/lib/systemd/system/morty.service @@ -10,7 +10,7 @@ Type=simple User=${SERVICE_USER} Group=${SERVICE_GROUP} WorkingDirectory=${SERVICE_HOME} -ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} +ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '${MORTY_KEY}' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT} Restart=always Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} DEBUG=${SERVICE_ENV_DEBUG} -- cgit v1.2.3