Open bastelfreak opened 2 years ago
tuxmea
commented
1 year ago @bastelfreak can you please specify which hardening options we need? This file is managed by puppet-hdm: https://github.com/betadots/puppet-hdm/blob/main/templates/hdm.service.epp
tuxmea
commented
1 year ago @bastelfreak usually we run HDM in docker container. RMV and systemd is onyl used in development mode. Do we really need to "hardenize" systemd unit file in DEV mode?
bastelfreak
commented
1 year ago I would like to support running hdm without a docker container. I've the code ready, just need to fix up the acceptance tests. Or do we only want to support hdm in containers?
rwaffen
commented
1 year ago for production systems i would only recommend the container. as martin said: rvm/systemd is only for dev-mode. i wouldn't put much effort into this. as long as there is no strong demand from the community, i would concentrate only on the container.
tuxmea
commented
1 year ago @bastelfreak Do you still see a need for this?
We have a basic systemd unit file at https://github.com/betadots/hdm/pull/40/files#diff-6a4ba7e2b78ee8953da5086899d9ba08d3cdb26164e9b4ecf7d5aa87fe665438
while this seems to work, we should implement some hardening. systemd provides many options for that.