
Systemd Unit Generator

Generate, validate, and lint systemd unit files (.service, .timer, .socket, .mount) with hardening and best practices.
charlie-morrison · Source
Uncategorized · clawhub · v1.0.1 · 1 version · 100000 · Key: not required
★ 0 stars · 📥 397 downloads · 💾 1 install · 1 version · #latest

Overview

Systemd Unit Generator

Generate systemd service, timer, socket, and mount unit files with security hardening.

Commands

Generate a service unit

python3 scripts/systemd-unit-generator.py service --name myapp --exec "/usr/bin/node /app/server.js" --user www-data

Generate a timer unit

python3 scripts/systemd-unit-generator.py timer --name backup --oncalendar "daily" --service backup.service

Generate a socket unit

python3 scripts/systemd-unit-generator.py socket --name myapp --listen-stream 8080

Validate an existing unit file

python3 scripts/systemd-unit-generator.py validate /etc/systemd/system/myapp.service

Lint a unit for best practices

python3 scripts/systemd-unit-generator.py lint /etc/systemd/system/myapp.service

Use a preset template

python3 scripts/systemd-unit-generator.py preset nodejs --name myapp --exec "/usr/bin/node /app/server.js"
python3 scripts/systemd-unit-generator.py preset python --name myapi --exec "/app/venv/bin/gunicorn app:app"
python3 scripts/systemd-unit-generator.py preset docker --name webapp --exec "docker-compose up"

Options

  • --name NAME — Service name (required for generate)
  • --exec CMD — ExecStart command
  • --user USER — Run as user
  • --group GROUP — Run as group
  • --workdir DIR — Working directory
  • --env KEY=VAL — Environment variable (repeatable)
  • --restart POLICY — Restart policy (on-failure, always, no)
  • --type TYPE — Service type (simple, forking, oneshot, notify)
  • --harden — Apply security hardening (sandbox, resource limits)
  • --description DESC — Unit description
  • --after UNIT — After dependency
  • --wants UNIT — Wants dependency
  • --oncalendar EXPR — Timer calendar expression
  • --listen-stream ADDR — Socket listen address/port
  • --format text|json — Output format (default: text)
  • --output FILE — Write to file instead of stdout

Presets

  • nodejs — Node.js app with auto-restart, logging, hardening
  • python — Python/Gunicorn app with venv support
  • docker — Docker Compose service
  • golang — Go binary with minimal dependencies
  • cron — Oneshot + timer for cron-like scheduling

Security Hardening (--harden)

Adds: ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, SystemCallFilter, RestrictNamespaces, RestrictRealtime, MemoryDenyWriteExecute, ReadWritePaths
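
One way to check an existing unit against the directive list above, as an added example that is not the project's own code or its lint command. The function names and the sample unit are constructed for illustration, and the check reports presence only, not how strict each value is.

```python
HARDENING_DIRECTIVES = (  # the directives the page lists under --harden
    "ProtectSystem", "ProtectHome", "PrivateTmp", "NoNewPrivileges",
    "CapabilityBoundingSet", "SystemCallFilter", "RestrictNamespaces",
    "RestrictRealtime", "MemoryDenyWriteExecute", "ReadWritePaths",
)
# Listed directives that accept a boolean, so a false value switches them off.
SWITCHES = {"ProtectSystem", "ProtectHome", "PrivateTmp", "NoNewPrivileges",
            "RestrictNamespaces", "RestrictRealtime", "MemoryDenyWriteExecute"}
FALSE_VALUES = {"0", "no", "false", "off"}
# Constructed sample unit, not output of the generator.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/node /app/server.js
Environment=INSTANCE=%n
ProtectSystem=strict
ProtectHome=true
PrivateTmp=yes
NoNewPrivileges=no
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ReadWritePaths=/var/lib/myapp
[Install]
WantedBy=multi-user.target
"""

def parse_service_section(unit_text):
    """Return {directive: last assigned value} for the [Service] section."""
    settings, section, pending = {}, None, ""
    for raw in unit_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # backslash continues the line in unit files
            pending = line[:-1].rstrip() + " "
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_hardening(unit_text):
    """Return (missing, disabled) lists; presence only, strictness is not judged."""
    settings = parse_service_section(unit_text)
    missing = [d for d in HARDENING_DIRECTIVES if d not in settings]
    disabled = [d for d in SWITCHES & settings.keys()
                if settings[d].lower() in FALSE_VALUES]
    return missing, sorted(disabled)

if __name__ == "__main__":
    print(audit_hardening(SAMPLE_UNIT))
```

systemd documents MemoryDenyWriteExecute= as incompatible with programs that generate code at runtime, including JIT engines, so confirm a Node.js service still starts after enabling it.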

Exit Codes

  • 0: Success
  • 1: Validation errors found
  • 2: Invalid arguments

Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 05:43 · Safe · Safe

Security scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
