hedgedocs.service 1.16 KB
Newer Older
nono's avatar
nono committed
1
2
# {{ ansible_managed }}

nono's avatar
nono committed
3
[Unit]
nono's avatar
nono committed
4
5
Description=HedgeDoc - The best platform to write and share markdown.
Documentation=https://docs.hedgedoc.org/
nono's avatar
nono committed
6
After=network.target
nono's avatar
nono committed
7
8
9
# Uncomment if you use MariaDB/MySQL
# After=mysql.service
# Uncomment if you use PostgreSQL
nono's avatar
nono committed
10
11
12
13
After=postgresql.service

[Service]
Type=exec
nono's avatar
nono committed
14
Environment=NODE_ENV=production
nono's avatar
nono committed
15
Restart=always
nono's avatar
nono committed
16
17
18
19
RestartSec=2s
ExecStart=/usr/bin/yarn start --production
CapabilityBoundingSet=
NoNewPrivileges=true
nono's avatar
nono committed
20
PrivateDevices=true
nono's avatar
nono committed
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
RemoveIPC=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectClock=true
ProtectHostname=true
ProtectProc=noaccess
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
SystemCallArchitectures=native
SystemCallFilter=@system-service

# You may have to adjust these settings
User=hedgedocs
Group=hedgedocs
WorkingDirectory=/home/hedgedocs/hedgedoc

# Example: local storage for uploads and SQLite
# ReadWritePaths=/home/hedgedocs/hedgedoc/public/uploads /home/hedgedocs/hedgedoc/db
nono's avatar
nono committed
47
48
49

[Install]
WantedBy=multi-user.target