matrix/roles/synapse/templates/synapse.service.j2

45 lines
1.8 KiB
Plaintext
Raw Normal View History

[Unit]
Description={{ synapse_systemd_unit_description }}
{% if synapse_systemd_unit_after | default([]) | length > 0 %}
After={{ synapse_systemd_unit_after | join(' ') }}
{% endif %}
{% if synapse_systemd_unit_wants | default([]) | length > 0 %}
Wants={{ synapse_systemd_unit_wants | join(' ') }}
{% endif %}
[Service]
Type={{ synapse_systemd_service_type }}
WorkingDirectory={{ synapse_venv_path }}
ExecStart={{ synapse_systemd_service_exec_start }}
ExecStop={{ synapse_systemd_service_exec_stop }}
ExecReload={{ synapse_systemd_service_exec_reload }}
User={{ synapse_run_user }}
Group={{ synapse_run_group }}
Restart={{ synapse_systemd_service_restart }}
ProtectSystem={{ synapse_systemd_service_protect_system }}
ProtectHome={{ synapse_systemd_service_protect_home }}
ProtectClock={{ synapse_systemd_service_protect_clock }}
ProtectHostname={{ synapse_systemd_service_protect_hostname }}
ProtectKernelLogs={{ synapse_systemd_service_protect_protect_kernel_logs }}
ProtectKernelModules={{ synapse_systemd_service_protect_protect_kernel_modules }}
ProtectKernelTunables={{ synapse_systemd_service_protect_protect_control_groups }}
ProtectControlGroups={{ synapse_systemd_service_protect_protect_control_groups }}
RestrictNamespaces={{ synapse_systemd_service_restrict_namespaces }}
RestrictSUIDSGID={{ synapse_systemd_service_restrict_suid_sgid }}
{% for path in synapse_systemd_service_read_write_paths | default([]) %}
ReadWritePaths={{ path }}
{% endfor %}
RestrictAddressFamilies={{ synapse_systemd_service_restrict_address_families | join(' ') }}
RemoveIPC={{ synapse_systemd_service_remove_ipc }}
LockPersonality={{ synapse_systemd_service_lock_personality }}
NoNewPrivileges={{ synapse_systemd_service_no_new_privileges }}
[Install]
WantedBy={{ synapse_systemd_install_wanted_by }}