bookwyrm/contrib/systemd/bookwyrm.service

[Unit]
Description=BookWyrm
After=network.target postgresql.service redis.service

[Service]P
User=bookwyrm
Group=bookwyrm
WorkingDirectory=/opt/bookwyrm
ExecStart=/opt/bookwyrm/venv/bin/gunicorn bookwyrm.wsgi:application --threads=8 --bind 0.0.0.0:8000
StandardOutput=journal
StandardError=inherit
ProtectSystem=strict
ProtectHome=tmpfs
InaccessiblePaths=-/media -/mnt -/srv
PrivateTmp=yes
TemporaryFileSystem=/var /run /opt
PrivateUsers=true
PrivateDevices=true
BindReadOnlyPaths=/opt/bookwyrm
BindPaths=/opt/bookwyrm/images /opt/bookwyrm/static /var/run/postgresql
LockPersonality=yes
MemoryDenyWriteExecute=true
PrivateMounts=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=net

[Install]
WantedBy=multi-user.target
Add systemd service files for bookwyrm front, worker and scheduler 2022-11-15 16:32:12 +01:00			`[Unit]`
			`Description=BookWyrm`
Add redis.service in After for bookwyrm and bookwyrm-scheduler services 2022-12-30 17:35:11 +01:00			`After=network.target postgresql.service redis.service`
Add systemd service files for bookwyrm front, worker and scheduler 2022-11-15 16:32:12 +01:00
Tag version 0.7.0. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEHCg/i5LQ+bsUm3NgpDqESxFPmwgFAmUz+08ACgkQpDqESxFP mwgs3w/7BgDnbP68IKA6r59JqWGIYmtSdP+U092b7tyrKWsK/RbEfuUowt6qx2+I p2BHmWNOToueMHr8nWwWEVyZvXfuFxFV03a3WXD6ifCss0zPZVRVfpENPptxqyxy 1A8dVveycM8Bv3ZcemMsHsx2ocPqdeBFB+TjHespq2RFg8miWK4D3+UpgguorCa0 qiS8R0ZQERRIWZnnKxgaJ+Sme+2aMbF/lUslL+1dnTeHrEMVGpmBiKXELV6TYYE2 Tmw8gSZKpe9K98e3NN1K94TGEruAJuZtGc8ekxRMaEXRDMvjasK1Nznz4FUNHsbM ExwDY1+7FEA5D3T/PIlhtAdf6szeHvRs1mIoEbtLw3T+OIIfNugkqnUz0Xv5Bz9+ kKoWxxFmvYNHZxEggTQT4ik0ufaMuEHMQofYtKHJPqzottgS0cdV+cusda87hZ95 3+0RH8vJYzYk1iPlkdtct5p6f9mMljF9T91PcHrbb9GgOI8NKBmHyQWtpIDB00lT MQEhbtz2VUy572JB3w8vXXPb79L700Obrw7DZXk/K4c0ULM27fZX+PCbXKKITR5H vnsrhQcVT4FP46nRDAz0COWVdAsC7SrLPhoq9WmWR4WVea/PpvIsODURLdmmsGIy lqj2WnF6LiY965JLvCtbuyDO2wNMXjv24j+22aPmZ12wgwe14N8= =vWVR -----END PGP SIGNATURE----- Merge tag 'v0.7.0' into nix 2023-10-24 23:07:11 +02:00			`[Service]P`
Add systemd service files for bookwyrm front, worker and scheduler 2022-11-15 16:32:12 +01:00			`User=bookwyrm`
			`Group=bookwyrm`
Add sandboxing to systemd examples 2023-08-19 12:02:04 +02:00			`WorkingDirectory=/opt/bookwyrm`
increase prod to 8 threads 2023-08-20 10:26:44 +10:00			`ExecStart=/opt/bookwyrm/venv/bin/gunicorn bookwyrm.wsgi:application --threads=8 --bind 0.0.0.0:8000`
Add systemd service files for bookwyrm front, worker and scheduler 2022-11-15 16:32:12 +01:00			`StandardOutput=journal`
			`StandardError=inherit`
Add sandboxing to systemd examples 2023-08-19 12:02:04 +02:00			`ProtectSystem=strict`
			`ProtectHome=tmpfs`
			`InaccessiblePaths=-/media -/mnt -/srv`
			`PrivateTmp=yes`
			`TemporaryFileSystem=/var /run /opt`
			`PrivateUsers=true`
			`PrivateDevices=true`
			`BindReadOnlyPaths=/opt/bookwyrm`
			`BindPaths=/opt/bookwyrm/images /opt/bookwyrm/static /var/run/postgresql`
			`LockPersonality=yes`
			`MemoryDenyWriteExecute=true`
			`PrivateMounts=true`
			`ProtectHostname=true`
			`ProtectClock=true`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectKernelLogs=true`
			`ProtectControlGroups=true`
			`RestrictRealtime=true`
			`RestrictNamespaces=net`
Add systemd service files for bookwyrm front, worker and scheduler 2022-11-15 16:32:12 +01:00
			`[Install]`
			`WantedBy=multi-user.target`