uwsgi-app_AT_bepasty-moep.service

QR Download Inline

Type: text/plain, Size: 1357 bytes, SHA256: 5399fb6fb4fd382c61bf84ce523e917177adeeca804607a4c93c48a62797bcf9.
UTC timestamps: upload: 2025-08-24 07:00:07, download: 2026-03-18 21:13:09, max lifetime: forever. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
root@alpha:~# systemctl cat uwsgi-app@bepasty-moep.service  --no-pager

# /usr/lib/systemd/system/uwsgi-app@.service

[Unit]

Description=%i uWSGI app

Documentation=man:uwsgi(1) file:/usr/share/doc/uwsgi-core/README.Debian



[Service]

ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/%i.ini

User=www-%i

Group=www-data

DynamicUser=yes

StateDirectory=uwsgi/%i

KillSignal=SIGQUIT

Type=notify



# /etc/systemd/system/uwsgi-app@bepasty-moep.service.d/override.conf

[Service]



Security lockdown.

[Service]

#CacheDirectory=%p

CapabilityBoundingSet=

#DevicePolicy=closed

#DynamicUser=yes

# Group=

#IPAddressDeny=any

LockPersonality=yes

MemoryDenyWriteExecute=yes

PrivateDevices=yes

#PrivateNetwork=yes

PrivateUsers=yes

ProcSubset=pid

ProtectClock=yes

ProtectControlGroups=yes

ProtectHome=yes

ProtectHostname=yes

ProtectKernelLogs=yes

ProtectKernelModules=yes

ProtectKernelTunables=yes

#ProtectProc=invisible

#ProtectSystem=strict

RestrictAddressFamilies=AF_UNIX

#RestrictAddressFamilies=AF_UNIX, AF_INET, AF_INET6

#RestrictNamespaces=yes

RestrictRealtime=yes

#SystemCallArchitectures=native

#SystemCallFilter=@system-service

#SystemCallFilter=~@privileged @resources

UMask=0007

#User=

ReadOnlyPaths=/usr/share/javascript/bepasty-pygments /usr/lib/python3/dist-packages/bepasty

ReadWritePaths=/srv/bepasty/moep