mirror of
https://github.com/msfjarvis/server-config
synced 2025-08-14 08:17:01 +05:30
36 lines
828 B
Desktop File
36 lines
828 B
Desktop File
[Unit]
|
|
Description=Gitea (Git with a cup of tea)
|
|
After=syslog.target
|
|
After=network.target
|
|
Requires=postgresql.service
|
|
|
|
[Service]
|
|
LimitMEMLOCK=infinity
|
|
LimitNOFILE=65535
|
|
RestartSec=2s
|
|
Type=simple
|
|
User=git
|
|
Group=git
|
|
WorkingDirectory=/var/lib/gitea/
|
|
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
|
|
Restart=always
|
|
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
|
|
ReadWriteDirectories=/var/lib/gitea
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
# Security
|
|
PrivateTmp=true
|
|
ProtectSystem=full
|
|
NoNewPrivileges=true
|
|
ProtectControlGroups=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
PrivateDevices=true
|
|
RestrictAddressFamilies=AF_INET AF_INET6
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
SystemCallArchitectures=native
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|