[Unit]
Description=Gitea (Git with a cup of tea)
# Ordering only: After= delays start-up behind these units, it does not pull
# them in.
# NOTE(review): syslog.target is a legacy name that current systemd is
# believed to no longer provide, so it should be a no-op; confirm before
# dropping it.
After=syslog.target network.target
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###

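[Service]
# Sandboxing. After any change, review the effective exposure with:
#   systemd-analyze security <unit name>
ProtectSystem=strict
# Runs the service in its own user namespace: it holds no capabilities on the
# host, whatever User= is set to.
PrivateUsers=yes
NoNewPrivileges=yes
# The root of the service's file system view becomes an empty read-only
# tmpfs; only the paths bound below are visible to Gitea.
TemporaryFileSystem=/:ro
# NOTE(review): systemd expects a name relative to /etc here, not an absolute
# path; confirm what gitea.path.config renders to.
ConfigurationDirectory={{ gitea.path.config }}
# The only host path bound read-write.
BindPaths={{ gitea.path.data }}
# NOTE(review): this exposes all of /etc read-only (subject to file
# permissions). Binding only the entries Gitea needs would narrow what a
# compromised process can read; verify the required set before tightening.
BindReadOnlyPaths=/etc
BindReadOnlyPaths=/usr
BindReadOnlyPaths=/lib
# The leading "-" makes this bind optional, so the unit still starts on hosts
# that have no /lib64.
BindReadOnlyPaths=-/lib64
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# Socket families the service may create; anything not listed is refused.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
PrivateTmp=yes
PrivateDevices=yes
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
# Unprivileged service account; Gitea never runs as root.
User=git
Group=git
WorkingDirectory={{ gitea.path.data }}
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
# NOTE(review): the config file path is hard-coded here while
# ConfigurationDirectory above is templated; keep the two in step.
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
# NOTE(review): /home is not among the bound paths, so HOME=/home/git is
# presumably not visible inside the sandbox; confirm nothing Gitea or git
# does needs to read or write it.
Environment=USER=git HOME=/home/git GITEA_WORK_DIR={{ gitea.path.data }}
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
# Caveat: with PrivateUsers enabled, capabilities are only held inside the
# service's own user namespace, so CAP_NET_BIND_SERVICE is not expected to
# permit binding a privileged port on the host. Socket activation is the
# option that fits the sandbox as configured.
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
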
[Install]
# Enabling the unit hooks it into the regular multi-user boot target.
WantedBy=multi-user.target