copr-extras-online/gitea/gitea.service

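# systemd unit for the Gitea web service, run as the unprivileged "git"
# account inside a restrictive sandbox.
# Directive names are case-sensitive and unknown keys are only warned about,
# so run `systemd-analyze verify` on this file after every edit;
# `systemd-analyze security` summarises the remaining exposure.

[Unit]
Description=Gitea git hosting.
# Ordering only: After= neither starts mariadb.service nor ties this unit to it.
After=mariadb.service

[Service]
# Was spelled "Execstart", which systemd ignores as an unknown key; that left
# the unit without a start command, so it could not be started.
ExecStart=/usr/bin/gitea web
User=git
Group=git
# NOTE(review): no Type= is set and PIDFile= is mainly meant for Type=forking;
# confirm this line is still needed.
PIDFile=/run/gitea/gitea.pid
Restart=always

# Resource control: reclaim pressure above MemoryHigh=, hard limit at
# MemoryMax=. CPUWeight=50 is half the default weight of 100.
MemoryHigh=750M
MemoryMax=1G
MemorySwapMax=1G
CPUWeight=50

# /etc/gitea, /run/gitea and /var/lib/gitea. The runtime and state directories
# stay writable under ProtectSystem=strict.
ConfigurationDirectory=gitea
RuntimeDirectory=gitea
StateDirectory=gitea

# File system view: everything is read-only except the directories above and
# the paths listed in ReadWritePaths=.
ProtectSystem=strict
ReadWritePaths=/srv/containers/git
# Home directories are hidden behind an empty tmpfs; only the service
# account's own home is bound back in.
ProtectHome=tmpfs
BindPaths=/home/git
PrivateTmp=yes
# PrivateDevices= appeared twice in the original (yes/true); one entry is
# enough.
PrivateDevices=yes
DevicePolicy=closed

# Kernel and host state the service has no reason to touch.
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectClock=yes
ProtectHostname=yes

# Only IPv4/IPv6 sockets may be created. AF_UNIX is not allowed, so a database
# reached through a local unix socket would need AF_UNIX added here.
# NOTE(review): confirm Gitea is configured to reach MariaDB over TCP.
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes

# Privilege reduction. The empty CapabilityBoundingSet= drops every
# capability, so the service cannot bind privileged ports (below 1024 by
# default).
PrivateUsers=yes
CapabilityBoundingSet=
NoNewPrivileges=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes

# System call allow-list. Restricting the ABI to native keeps the seccomp
# based restrictions in this unit from being bypassed through a secondary
# architecture. Denied calls return EPERM instead of killing the process.
# The next line was left commented out in the original.
#SystemCallFilter=@file-system
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

[Install]
WantedBy=multi-user.target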