Diffstat (limited to 'newsboat/systemd/user/reload-newsboat.service')
-rw-r--r--newsboat/systemd/user/reload-newsboat.service26
1 files changed, 24 insertions, 2 deletions
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service
index 24e4117c..981ef7bc 100644
--- a/newsboat/systemd/user/reload-newsboat.service
+++ b/newsboat/systemd/user/reload-newsboat.service
@@ -1,8 +1,30 @@
[Unit]
Description=fetch new Newsboat articles
OnFailure=notify-email@%n
-After=tor.service
ConditionPathExists=!%h/.local/share/newsboat/cache.db.lock
[Service]
-ExecStart=newsboat -x reload
+Type=oneshot
+LogsDirectory=newsboat
+LogsDirectoryMode=0700
+ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=5
+# Hardening
+IPAddressDeny=any
+IPAddressAllow=localhost
+KeyringMode=private
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+RestrictAddressFamilies=AF_UNIX
+RestrictAddressFamilies=~AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0077
+# Slowing
+Nice=10
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
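Review bot: The two `RestrictAddressFamilies=` lines in the hardening block appear to cancel each other out: as I read the merge rule in systemd.exec, the first line makes the setting an allow-list containing AF_UNIX and the following `~AF_UNIX` removes that entry again, leaving an empty allow-list under which every socket() call is refused. That would also block the AF_INET/AF_INET6 socket newsboat needs to reach anything on the loopback address, which `IPAddressAllow=localhost` suggests is the intended path for fetching feeds. Consider a single line naming the families actually required, e.g. `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`. Since this is a user unit, it is also worth confirming that `IPAddressDeny=`/`IPAddressAllow=` are really enforced, because an unprivileged user manager may not be able to attach the cgroup BPF filter they depend on; a short comment above them saying that feeds are expected to go through a local proxy would make the intent clear.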