45 lines
1.8 KiB
Plaintext
45 lines
1.8 KiB
Plaintext
|
[Unit]
|
||
|
Description={{ synapse_systemd_unit_description }}
|
||
|
|
||
|
{% if synapse_systemd_unit_after | default([]) | length > 0 %}
|
||
|
After={{ synapse_systemd_unit_after | join(' ') }}
|
||
|
{% endif %}
|
||
|
{% if synapse_systemd_unit_wants | default([]) | length > 0 %}
|
||
|
Wants={{ synapse_systemd_unit_wants | join(' ') }}
|
||
|
{% endif %}
|
||
|
|
||
|
[Service]
|
||
|
Type={{ synapse_systemd_service_type }}
|
||
|
WorkingDirectory={{ synapse_venv_path }}
|
||
|
ExecStart={{ synapse_systemd_service_exec_start }}
|
||
|
ExecStop={{ synapse_systemd_service_exec_stop }}
|
||
|
ExecReload={{ synapse_systemd_service_exec_reload }}
|
||
|
|
||
|
User={{ synapse_run_user }}
|
||
|
Group={{ synapse_run_group }}
|
||
|
|
||
|
Restart={{ synapse_systemd_service_restart }}
|
||
|
|
||
|
ProtectSystem={{ synapse_systemd_service_protect_system }}
|
||
|
ProtectHome={{ synapse_systemd_service_protect_home }}
|
||
|
ProtectClock={{ synapse_systemd_service_protect_clock }}
|
||
|
ProtectHostname={{ synapse_systemd_service_protect_hostname }}
|
||
|
ProtectKernelLogs={{ synapse_systemd_service_protect_protect_kernel_logs }}
|
||
|
ProtectKernelModules={{ synapse_systemd_service_protect_protect_kernel_modules }}
|
||
|
ProtectKernelTunables={{ synapse_systemd_service_protect_protect_control_groups }}
|
||
|
ProtectControlGroups={{ synapse_systemd_service_protect_protect_control_groups }}
|
||
|
|
||
|
RestrictNamespaces={{ synapse_systemd_service_restrict_namespaces }}
|
||
|
RestrictSUIDSGID={{ synapse_systemd_service_restrict_suid_sgid }}
|
||
|
{% for path in synapse_systemd_service_read_write_paths | default([]) %}
|
||
|
ReadWritePaths={{ path }}
|
||
|
{% endfor %}
|
||
|
RestrictAddressFamilies={{ synapse_systemd_service_restrict_address_families | join(' ') }}
|
||
|
|
||
|
RemoveIPC={{ synapse_systemd_service_remove_ipc }}
|
||
|
LockPersonality={{ synapse_systemd_service_lock_personality }}
|
||
|
NoNewPrivileges={{ synapse_systemd_service_no_new_privileges }}
|
||
|
|
||
|
[Install]
|
||
|
WantedBy={{ synapse_systemd_install_wanted_by }}
|