Systemd hardening and Debian upgrades

[nuxeh]

Following the merge of f64f4c5, upgrading via Debian package will now fail. The default configuration path is found via XDG environment variables, yet with DynamicUser, this appears to still point to /home/url-bot-rs rather than /var/lib/url-bot-rs

Dec 16 18:10:46 dinkydos url-bot-rs[484396]: INFO - directory `/home/url-bot-rs/.config/url-bot-rs` doesn't exist, cr>
Dec 16 18:10:46 dinkydos url-bot-rs[484396]: ERROR - Permission denied (os error 13)

There is an additional concern about copying the existing configuration, which would likely require user intervention (manual copying of the data) for the service to run. Not sure of a graceful way to handle this automatically.

[mweinelt]

AFAIR systemd notices when a service toggles DynamicUser and moves state back and forth as needed.

The reason why it still points to /home/url-bot-rs is likely because that is the pre-existing users home directory which would need to be changed.

[polyzen]

You may also want ConfigurationDirectory=url-bot-rs in order to use /etc/url-bot-rs when run as a system unit:
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RuntimeDirectory=

https://www.freedesktop.org/software/systemd/man/file-hierarchy.html#/etc/
https://www.freedesktop.org/software/systemd/man/file-hierarchy.html#/var/lib/