Junie: security cleanups.

2025-06-06 13:50:37 -07:00
parent 95d96732d2
commit 23c7a65799
13 changed files with 812 additions and 119 deletions
--- a/mcias.service
+++ b/mcias.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Metacircular Identity and Access System
+After=network.target
+
+[Service]
+Type=simple
+User=mcias
+Group=mcias
+WorkingDirectory=/opt/mcias
+ExecStart=/opt/mcias/mcias server --db /opt/mcias/mcias.db
+Restart=on-failure
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=mcias
+
+# Security settings
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=true
+NoNewPrivileges=true
+ReadWritePaths=/opt/mcias
+
+[Install]
+WantedBy=multi-user.target