Minor `.service` adjustments
For caddy.service
please consider:
- replacing
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
with:
ConfigurationDirectory=caddy
RuntimeDirectory=caddy
LogsDirectory=caddy
StateDirectory=caddy
as well as
- adding:
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
for further hardening.
Thank you.
Edited by Oleksandr Natalenko