Push code

2026-01-28 23:03:50 +01:00
parent 5bd203b516
commit 00bbd6534b
19 changed files with 1224 additions and 0 deletions
--- a/featherddns.service
+++ b/featherddns.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=FeatherDDNS - Lightweight Dynamic DNS Server
+Documentation=https://git.nevets.tech/Steven/FeatherDDNS
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=featherddns
+Group=featherddns
+ExecStart=/usr/bin/featherddns
+WorkingDirectory=/var/lib/featherddns
+Restart=on-failure
+RestartSec=5
+
+# Security hardening
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictSUIDSGID=yes
+RestrictNamespaces=yes
+
+# Allow binding to privileged ports if needed (DNS uses 53)
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# Writable directories
+ReadWritePaths=/var/lib/featherddns /var/log/featherddns
+
+[Install]
+WantedBy=multi-user.target