
Hardenize systemd unit

Open bastelfreak opened this issue 3 years ago • 5 comments

We have a basic systemd unit file at https://github.com/betadots/hdm/pull/40/files#diff-6a4ba7e2b78ee8953da5086899d9ba08d3cdb26164e9b4ecf7d5aa87fe665438

While this seems to work, we should implement some hardening. systemd provides many options for that.

bastelfreak avatar Apr 11 '22 16:04 bastelfreak

@bastelfreak can you please specify which hardening options we need? This file is managed by puppet-hdm: https://github.com/betadots/puppet-hdm/blob/main/templates/hdm.service.epp

tuxmea avatar Nov 08 '22 13:11 tuxmea

@bastelfreak Usually we run HDM in a Docker container. RVM and systemd are only used in development mode. Do we really need to "hardenize" the systemd unit file in DEV mode?

tuxmea avatar Mar 23 '23 14:03 tuxmea

I would like to support running hdm without a docker container. I've the code ready, just need to fix up the acceptance tests. Or do we only want to support hdm in containers?

bastelfreak avatar Apr 20 '23 11:04 bastelfreak

For production systems I would only recommend the container. As Martin said: RVM/systemd is only for dev-mode. I wouldn't put much effort into this. As long as there is no strong demand from the community, I would concentrate only on the container.

rwaffen avatar Apr 24 '23 08:04 rwaffen

@bastelfreak Do you still see a need for this?

tuxmea avatar Aug 10 '23 12:08 tuxmea