Diffstat (limited to '.config/systemd')
-rw-r--r-- | .config/systemd/system/vdirsyncer@.service | 32 | ||||
-rw-r--r-- | .config/systemd/system/vdirsyncer@.timer | 9 |
2 files changed, 41 insertions, 0 deletions
diff --git a/.config/systemd/system/vdirsyncer@.service b/.config/systemd/system/vdirsyncer@.service
new file mode 100644
index 0000000..76da2a6
--- /dev/null
+++ b/.config/systemd/system/vdirsyncer@.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=DAV synchronization service for %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/vdirsyncer sync
+
+User=%i
+Group=%i
+
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYS_NICE CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_TTY_CONFIG CAP_LINUX_IMMUTABLE CAP_SETUID CAP_SETGID CAP_SETPCAP
+DeviceAllow=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=noaccess
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
+RestrictNamespaces=~user pid net uts mnt cgroup ipc
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
diff --git a/.config/systemd/system/vdirsyncer@.timer b/.config/systemd/system/vdirsyncer@.timer
new file mode 100644
index 0000000..57f77db
--- /dev/null
+++ b/.config/systemd/system/vdirsyncer@.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=DAV synchronization timer for %i
+
+[Timer]
+OnBootSec=2m
+OnUnitActiveSec=5m
+
+[Install]
+WantedBy=timers.target |
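Review bot: `ProtectSystem=strict` in the [Service] section of vdirsyncer@.service mounts the whole file system read-only apart from /dev, /proc and /sys, and the unit adds no `ReadWritePaths=`, so `vdirsyncer sync` running as `User=%i` would presumably be unable to update its status directory or any local filesystem storage under that user's home. I would add an explicit allow-list for just those directories, e.g. `ReadWritePaths=<STATUS_DIR_PLACEHOLDER> <LOCAL_STORAGE_DIR_PLACEHOLDER>`, written as absolute paths, because `%h` in a system unit resolves to the service manager's home rather than that of `User=`. Separately, since the process never runs as root, the deny-list in `CapabilityBoundingSet=~…` can be replaced by an empty `CapabilityBoundingSet=`, which also drops capabilities the list leaves in the set, such as CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. `Group=%i` additionally assumes a group named exactly like the user exists; omitting it lets systemd use the user's default group.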