Remove pyc files

pyc files are not compatible across multiple python versions
Harden systemd service files
This commit is contained in:
Balakrishnan Balasubramanian 2023-06-24 20:12:20 -04:00
parent 2bcc807b91
commit 95423ebf63
3 changed files with 11 additions and 6 deletions

View File

@ -14,10 +14,10 @@ requirements.txt: Pipfile.lock
pipenv requirements > requirements.txt pipenv requirements > requirements.txt
build: clean requirements.txt build: clean requirements.txt
python3 -m pip install -r requirements.txt --target build python3 -m pip install -r requirements.txt --no-compile --target build
cp -r mail4one/ build/ cp -r mail4one/ build/
sed -i "s/DEVELOMENT/$(shell scripts/get_version.sh)/" build/mail4one/version.py sed -i "s/DEVELOMENT/$(shell scripts/get_version.sh)/" build/mail4one/version.py
python3 -m compileall build/mail4one -f rm -rf build/mail4one/__pycache__
rm -rf build/*.dist-info rm -rf build/*.dist-info
python3 -m zipapp \ python3 -m zipapp \
--output mail4one.pyz \ --output mail4one.pyz \

View File

@ -9,14 +9,19 @@ Requires=network-online.target
[Service] [Service]
User=mail4one User=mail4one
ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json ExecStart=/usr/local/bin/mail4one --config /etc/mail4one/config.json
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
StateDirectory=mail4one StateDirectory=mail4one/certs mail4one/mails
StateDirectoryMode=0750
UMask=
LogsDirectory=mail4one LogsDirectory=mail4one
WorkingDirectory=/var/lib/mail4one WorkingDirectory=/var/lib/mail4one
ProtectSystem=strict
PrivateTmp=true
PrivateUsers=true
ProtectHome=yes ProtectHome=yes
NoNewPrivileges=yes
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -10,7 +10,7 @@ set -x
if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ] if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ]
then then
mkdir -p /var/lib/mail4one/certs mkdir -p /var/lib/mail4one/certs
chmod 500 /var/lib/mail4one/certs chmod 750 /var/lib/mail4one/certs
chown mail4one:mail4one /var/lib/mail4one/certs chown mail4one:mail4one /var/lib/mail4one/certs
cp "$RENEWED_LINEAGE/fullchain.pem" /var/lib/mail4one/certs/ cp "$RENEWED_LINEAGE/fullchain.pem" /var/lib/mail4one/certs/
cp "$RENEWED_LINEAGE/privkey.pem" /var/lib/mail4one/certs/ cp "$RENEWED_LINEAGE/privkey.pem" /var/lib/mail4one/certs/