mail4one/deploy_configs/mail4one.service

# This file should be copied to /etc/systemd/system/mail4one.service 
# Quickstart
# systemctl daemon-reload
# systemctl enable --now mail4one.service 

[Unit]
Description=Personal Mail server
Documentation=https://gitea.balki.me/balki/mail4one
After=network.target network-online.target
Requires=network-online.target

[Service]

# This user should already exist. See mail4one.conf for creating user with sysusers
User=mail4one
ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json

# Below allows to bind to port < 1024. Standard ports are 25, 465, 995
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

StateDirectory=mail4one/certs mail4one/mails
StateDirectoryMode=0750
LogsDirectory=mail4one
WorkingDirectory=/var/lib/mail4one

ProtectSystem=strict
PrivateTmp=true
ProtectHome=yes
ProtectProc=invisible
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
Add sample configuration and documentation (#1) Reviewed-on: https://gitea.balki.me/balki/mail4one/pulls/1 2023-06-28 16:54:50 -04:00			`# This file should be copied to /etc/systemd/system/mail4one.service`
			`# Quickstart`
			`# systemctl daemon-reload`
			`# systemctl enable --now mail4one.service`
add deploy configs 2023-06-20 21:45:14 -04:00
			`[Unit]`
			`Description=Personal Mail server`
			`Documentation=https://gitea.balki.me/balki/mail4one`
			`After=network.target network-online.target`
			`Requires=network-online.target`

			`[Service]`
Add sample configuration and documentation (#1) Reviewed-on: https://gitea.balki.me/balki/mail4one/pulls/1 2023-06-28 16:54:50 -04:00
			`# This user should already exist. See mail4one.conf for creating user with sysusers`
add deploy configs 2023-06-20 21:45:14 -04:00			`User=mail4one`
			`ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json`
more systemd hardening 2023-06-24 21:17:47 -04:00
Add sample configuration and documentation (#1) Reviewed-on: https://gitea.balki.me/balki/mail4one/pulls/1 2023-06-28 16:54:50 -04:00			`# Below allows to bind to port < 1024. Standard ports are 25, 465, 995`
add deploy configs 2023-06-20 21:45:14 -04:00			`AmbientCapabilities=CAP_NET_BIND_SERVICE`
more systemd hardening 2023-06-24 21:17:47 -04:00			`CapabilityBoundingSet=CAP_NET_BIND_SERVICE`
add deploy configs 2023-06-20 21:45:14 -04:00
Remove pyc files pyc files are not compatible across multiple python versions Harden systemd service files 2023-06-24 20:12:20 -04:00			`StateDirectory=mail4one/certs mail4one/mails`
			`StateDirectoryMode=0750`
add deploy configs 2023-06-20 21:45:14 -04:00			`LogsDirectory=mail4one`
			`WorkingDirectory=/var/lib/mail4one`
Remove pyc files pyc files are not compatible across multiple python versions Harden systemd service files 2023-06-24 20:12:20 -04:00
			`ProtectSystem=strict`
			`PrivateTmp=true`
add deploy configs 2023-06-20 21:45:14 -04:00			`ProtectHome=yes`
more systemd hardening 2023-06-24 21:17:47 -04:00			`ProtectProc=invisible`
Add sample configuration and documentation (#1) Reviewed-on: https://gitea.balki.me/balki/mail4one/pulls/1 2023-06-28 16:54:50 -04:00			`NoNewPrivileges=yes`
add deploy configs 2023-06-20 21:45:14 -04:00
			`[Install]`
			`WantedBy=multi-user.target`