47 lines
1.1 KiB
Django/Jinja
47 lines
1.1 KiB
Django/Jinja
[Unit]
|
|
Description=HedgeDoc - The best platform to write and share markdown.
|
|
Documentation=https://docs.hedgedoc.org/
|
|
After=network.target
|
|
# Uncomment if you use MariaDB/MySQL
|
|
# After=mysql.service
|
|
# Uncomment if you use PostgreSQL
|
|
After=postgresql.service
|
|
|
|
[Service]
|
|
Type=exec
|
|
Environment=NODE_ENV=production
|
|
Restart=always
|
|
RestartSec=2s
|
|
ExecStart=/usr/bin/yarn start --production
|
|
CapabilityBoundingSet=
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
RemoveIPC=true
|
|
LockPersonality=true
|
|
ProtectControlGroups=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectClock=true
|
|
ProtectHostname=true
|
|
ProtectProc=noaccess
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
RestrictNamespaces=true
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
ProtectSystem=strict
|
|
PrivateTmp=true
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=@system-service
|
|
|
|
# You may have to adjust these settings
|
|
User={{service}}
|
|
Group={{service}}
|
|
WorkingDirectory=/home/{{service}}/hedgedoc
|
|
|
|
# Example: local storage for uploads and SQLite
|
|
# ReadWritePaths=/opt/hedgedoc/public/uploads /opt/hedgedoc/db
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|