Hardenize systemd unit

[bastelfreak]

We have a basic systemd unit file at https://github.com/betadots/hdm/pull/40/files#diff-6a4ba7e2b78ee8953da5086899d9ba08d3cdb26164e9b4ecf7d5aa87fe665438

while this seems to work, we should implement some hardening. systemd provides many options for that.

[tuxmea]

@bastelfreak can you please specify which hardening options we need?
This file is managed by puppet-hdm: https://github.com/betadots/puppet-hdm/blob/main/templates/hdm.service.epp

[tuxmea]

@bastelfreak usually we run HDM in docker container.
RMV and systemd is onyl used in development mode.
Do we really need to "hardenize" systemd unit file in DEV mode?

[bastelfreak]

I would like to support running hdm without a docker container. I've the code ready, just need to fix up the acceptance tests. Or do we only want to support hdm in containers?

[rwaffen]

for production systems i would only recommend the container. as martin said: rvm/systemd is only for dev-mode. i wouldn't put much effort into this. as long as there is no strong demand from the community, i would concentrate only on the container.

[tuxmea]

@bastelfreak Do you still see a need for this?