Service file changes

This commit is contained in:
Alex Manning 2021-02-26 12:07:11 +00:00
parent 269e501c57
commit cac1c44b04
2 changed files with 46 additions and 66 deletions

View file

@ -1,18 +1,60 @@
[Unit]
Description=Gitea git hosting.
After=mariadb.service
[Service]
Execstart=/usr/bin/gitea web
User=git
Group=git
RuntimeDirectory=gitea
StateDirectory=gitea
ConfigurationDirectory=gitea
PIDFile=/run/gitea/gitea.pid
PrivateDevices=yes
MemoryMax=1G
MemoryHigh=750M
MemorySwapMax=1G
CPUWeight=50
ConfigurationDirectory=gitea
RuntimeDirectory=gitea
StateDirectory=gitea
Restart=always
PrivateTmp=yes
PrivateDevices=true
PrivateUsers=true
DevicePolicy=closed
ProtectSystem=strict
ProtectHome=tmpfs
BindPaths=/home/git
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectClock=true
ProtectKernelLogs=yes
ProtectHostname=yes
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
NoNewPrivileges=yes
LockPersonality=yes
ReadWritePaths=/srv/containers/git
MemoryDenyWriteExecute=yes
#SystemCallFilter=@file-system
CapabilityBoundingSet=
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
[Install]
WantedBy=multi-user.target

View file

@ -1,62 +0,0 @@
%global forgeurl https://github.com/go-gitea/gitea
Version: 1.13.2
%forgemeta
Name: gitea
Release: 1%{?dist}
Summary: Gitea
License: MIT
URL: %forgeurl
Source0: %forgesource
Source1: gitea.service
BuildRequires: golang
BuildRequires: nodejs
BuildRequires: systemd-rpm-macros
BuildRequires: gcc
%description
Gitea
%global debug_package %{nil}
%post
%systemd_post gitea.service
%preun
%systemd_preun gitea.service
%postun
%systemd_postun_with_restart gitea.service
%prep
%autosetup
%build
%global ldflags -X \"code.gitea.io/gitea/modules/setting.CustomPath=/etc/gitea/\" -X \"code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/gitea\" -X \"code.gitea.io/gitea/modules/setting.StaticRootPath=/var/lib/gitea/static\" -X \"code.gitea.io/gitea/modules/setting.PIDFile=/run/gitea/gitea.pid\"
TAGS="bindata" LDFLAGS="%{ldflags}" %{__make} build
%install
install -m 0755 -D gitea %{buildroot}%{_bindir}/gitea
install -D %{SOURCE1} %{buildroot}%{_unitdir}/gitea.service
mkdir -p %{buildroot}%{_sysconfdir}/gitea
mkdir -p %{buildroot}%{_libdir}/gitea
mkdir -p %{buildroot}%{_rundir}/gitea
%files
%license LICENSE
%doc README.md
%config(noreplace) %{_sysconfdir}/gitea
%{_rundir}/gitea
%{_libdir}/gitea
/usr/bin/gitea
%{_unitdir}/gitea.service
%changelog
* Wed Feb 24 18:41:47 GMT 2021 Alex Manning <git@alex-m.co.uk>
-