From 00c0987529ddb6ac2feb7d66dcc0ad1723f1c07d Mon Sep 17 00:00:00 2001
From: Eric Phillips <eric@ewpt3ch.com>
Date: Thu, 7 May 2026 10:57:19 -0600
Subject: [PATCH] added hardening and limit restarts

---
 deploy/pkgstash.service | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/deploy/pkgstash.service b/deploy/pkgstash.service
index 8eae1a6..3826724 100644
--- a/deploy/pkgstash.service
+++ b/deploy/pkgstash.service
@@ -2,14 +2,19 @@
 Description=Sparse caching arch linux mirror
 After=network-online.target
 Wants=network-online.target
+StartLimitInterval=300
+StartLimitBurst=5
 
 [Service]
 Type=simple
-ExecStart=/usr/local/bin/pkgstash
+ExecStart=/usr/local/bin/pkgstash --config /etd/pkgstash/pkgstash.toml
 User=pkgstash
 Group=pkgstash
 Restart=on-failure
 RestartSec=5s
+NoNewPrivileges=true
+ProtectSystem=strict
+ReadWritePaths=/srv/pkgstash
 
 [Install]
 WantedBy=multi-user.target