authorSlávek Banko <slavek.banko@axis.cz>2022-11-15 17:09:41 +0100
committerSlávek Banko <slavek.banko@axis.cz>2022-11-15 17:09:41 +0100
commit0d43adafed4ce0fa22988f2ff8948f8f64d811a3 (patch)
treea15c8b9af137b41833b5a51a4da88ea6478d09fa /arch/tde-deps/tor/tor.service
parent9ad10a881e3df75b587767eb5cc78b2ea840316a (diff)
ArchLinux: Add powerpc64le to architectures.
Cleanup some unnecessary dependencies. Add pkgbuilds for dependencies that are not available on archlinuxpower.org. Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Diffstat (limited to 'arch/tde-deps/tor/tor.service')
-rw-r--r--arch/tde-deps/tor/tor.service35
1 files changed, 35 insertions, 0 deletions
diff --git a/arch/tde-deps/tor/tor.service b/arch/tde-deps/tor/tor.service
new file mode 100644
index 000000000..f91b63a08
--- /dev/null
+++ b/arch/tde-deps/tor/tor.service
@@ -0,0 +1,35 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
+[Unit]
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=60
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
+
+[Install]
+WantedBy=multi-user.target
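Review bot: The `[Service]` block sets no `User=`/`Group=`, so both `ExecStartPre` and `ExecStart` launch /usr/bin/tor as root, and the bounding set keeps `CAP_SETUID`, `CAP_SETGID` and `CAP_DAC_READ_SEARCH`; whether the daemon ever drops privileges presumably depends on a `User` line in /etc/tor/torrc, which this file does not show. I would add a comment above `CapabilityBoundingSet=` that says so, e.g. `# tor starts as root and switches to the account named by "User" in torrc; without that line it stays root with these capabilities`, and confirm that the torrc shipped by this package sets it. Separately, `ReadOnlyDirectories=`/`ReadWriteDirectories=` are the legacy spellings of `ReadOnlyPaths=`/`ReadWritePaths=`, and `NotifyAccess=all` accepts readiness and watchdog messages from any process in the service's cgroup, where `main` would be tighter if tor does not fork under this unit.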