1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/airsonic_ynh.git synced 2024-09-03 18:06:14 +02:00
airsonic_ynh/conf/systemd.service

59 lines
1.9 KiB
SYSTEMD
Raw Normal View History

2019-02-06 19:37:46 +01:00
# source file https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service
# install documentation : https://airsonic.github.io/docs/install/war-standalone/
[Unit]
Description=__APP__ Media Server
After=remote-fs.target network.target
AssertPathExists=__FINALPATH__
[Service]
Type=simple
2022-09-21 01:03:09 +02:00
User=__APP__
Group=__APP__
Environment="JAVA_OPTS=-Xmx256m"
2019-02-06 19:37:46 +01:00
Environment="JAVA_ARGS="
2019-05-24 21:10:58 +02:00
EnvironmentFile=-/etc/default/__APP__
2019-02-06 19:37:46 +01:00
ExecStart=/usr/bin/java \
$JAVA_OPTS \
-Dairsonic.home=${AIRSONIC_HOME} \
2022-09-21 22:43:56 +02:00
-Dserver.servlet.context-path=${CONTEXT_PATH} \
2019-02-06 19:37:46 +01:00
-Dserver.port=${PORT} \
-jar ${JAVA_JAR} $JAVA_ARGS
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# for details
DeviceAllow=char-alsa rw
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
2022-09-21 01:03:09 +02:00
DevicePolicy=closed
SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
ReadWritePaths=__FINALPATH__
# You can uncomment the following line if you're not using the jukebox
# This will prevent airsonic from accessing any real (physical) devices
#PrivateDevices=yes
# You can change the following line to `strict` instead of `full`
# if you don't want airsonic to be able to
# write anything on your filesystem outside of AIRSONIC_HOME.
ProtectSystem=full
2022-09-21 01:03:09 +02:00
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# You can uncomment the following line if you don't have any media
# in /home/…. This will prevent airsonic from ever reading/writing anything there.
#ProtectHome=true
# You can uncomment the following line if you're not using the OpenJDK.
# This will prevent processes from having a memory zone that is both writeable
# and executeable, making hacker's lifes a bit harder.
#MemoryDenyWriteExecute=yes
2019-02-06 19:37:46 +01:00
[Install]
2022-09-21 01:03:09 +02:00
WantedBy=multi-user.target