Files
@ 5656bd3062ce
Branch filter:
Location: website/systemd/conservancy-www-update.service - annotation
5656bd3062ce
606 B
text/plain
usethesource: add to What We Do - getting real!
03e06738a00c 03e06738a00c bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db 053504d099b8 bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db bdac443c16db | # Run the website update script (see also: conservancy-www-update.timer).
[Unit]
Description=Update Conservancy website checkout
[Service]
Type=oneshot
User=www-data
WorkingDirectory=/var/www/website
ExecStart=/var/www/website/systemd/conservancy-www-update.sh
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
PrivateNetwork=false
PrivateTmp=true
PrivateUsers=false
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/www/website
|