23c8ffeae9
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEHCg/i5LQ+bsUm3NgpDqESxFPmwgFAmUz+08ACgkQpDqESxFP mwgs3w/7BgDnbP68IKA6r59JqWGIYmtSdP+U092b7tyrKWsK/RbEfuUowt6qx2+I p2BHmWNOToueMHr8nWwWEVyZvXfuFxFV03a3WXD6ifCss0zPZVRVfpENPptxqyxy 1A8dVveycM8Bv3ZcemMsHsx2ocPqdeBFB+TjHespq2RFg8miWK4D3+UpgguorCa0 qiS8R0ZQERRIWZnnKxgaJ+Sme+2aMbF/lUslL+1dnTeHrEMVGpmBiKXELV6TYYE2 Tmw8gSZKpe9K98e3NN1K94TGEruAJuZtGc8ekxRMaEXRDMvjasK1Nznz4FUNHsbM ExwDY1+7FEA5D3T/PIlhtAdf6szeHvRs1mIoEbtLw3T+OIIfNugkqnUz0Xv5Bz9+ kKoWxxFmvYNHZxEggTQT4ik0ufaMuEHMQofYtKHJPqzottgS0cdV+cusda87hZ95 3+0RH8vJYzYk1iPlkdtct5p6f9mMljF9T91PcHrbb9GgOI8NKBmHyQWtpIDB00lT MQEhbtz2VUy572JB3w8vXXPb79L700Obrw7DZXk/K4c0ULM27fZX+PCbXKKITR5H vnsrhQcVT4FP46nRDAz0COWVdAsC7SrLPhoq9WmWR4WVea/PpvIsODURLdmmsGIy lqj2WnF6LiY965JLvCtbuyDO2wNMXjv24j+22aPmZ12wgwe14N8= =vWVR -----END PGP SIGNATURE----- Merge tag 'v0.7.0' into nix
34 lines
847 B
Desktop File
34 lines
847 B
Desktop File
[Unit]
|
|
Description=BookWyrm
|
|
After=network.target postgresql.service redis.service
|
|
|
|
[Service]P
|
|
User=bookwyrm
|
|
Group=bookwyrm
|
|
WorkingDirectory=/opt/bookwyrm
|
|
ExecStart=/opt/bookwyrm/venv/bin/gunicorn bookwyrm.wsgi:application --bind 0.0.0.0:8000
|
|
StandardOutput=journal
|
|
StandardError=inherit
|
|
ProtectSystem=strict
|
|
ProtectHome=tmpfs
|
|
InaccessiblePaths=-/media -/mnt -/srv
|
|
PrivateTmp=yes
|
|
TemporaryFileSystem=/var /run /opt
|
|
PrivateUsers=true
|
|
PrivateDevices=true
|
|
BindReadOnlyPaths=/opt/bookwyrm
|
|
BindPaths=/opt/bookwyrm/images /opt/bookwyrm/static /var/run/postgresql
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=true
|
|
PrivateMounts=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
RestrictNamespaces=net
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|