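# source file https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service
# install documentation : https://airsonic.github.io/docs/install/war-standalone/
#
# systemd unit for the Airsonic media server. It runs the Java process as a
# dedicated unprivileged account inside a systemd.exec sandbox.
# __APP__ and __FINALPATH__ are template placeholders that must be substituted
# before the unit is installed.

[Unit]
Description=__APP__ Media Server
After=remote-fs.target network.target
# Refuse to start (and log the failed assertion) if the install directory is missing.
AssertPathExists=__FINALPATH__

[Service]
Type=simple
# Dedicated service account: the JVM never runs as root.
User=__APP__
Group=__APP__
# Defaults; the environment file below is read afterwards and may override them.
Environment="JAVA_OPTS=-Xmx256m"
Environment="JAVA_ARGS="
# Required (no "-" prefix): ExecStart reads AIRSONIC_HOME, CONTEXT_PATH, PORT and
# JAVA_JAR, and none of them is set in this unit, so a missing file should fail
# the start with a clear error instead of launching java with empty arguments.
# NOTE(review): the file feeds the service command line, so keep it root-owned
# and not writable by __APP__.
EnvironmentFile=/etc/default/__APP__
# $JAVA_OPTS and $JAVA_ARGS are unbraced so they split into several arguments;
# each ${...} form is passed as exactly one argument.
ExecStart=/usr/bin/java \
          $JAVA_OPTS \
          -Dairsonic.home=${AIRSONIC_HOME} \
          -Dserver.servlet.context-path=${CONTEXT_PATH} \
          -Dserver.port=${PORT} \
          -jar ${JAVA_JAR} $JAVA_ARGS

# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# for details
# With DevicePolicy=closed below, only the standard pseudo devices and the ALSA
# character devices allowed here are reachable (sound output for the jukebox).
DeviceAllow=char-alsa rw
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
# Sockets are limited to local (AF_UNIX) and IPv4/IPv6; other families are refused.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
# Deny list ("~"): the system call groups named here are blocked.
SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
# Stays writable even when ProtectSystem= makes the surrounding tree read-only.
ReadWritePaths=__FINALPATH__

# You can uncomment the following line if you're not using the jukebox
# This will prevent airsonic from accessing any real (physical) devices
#PrivateDevices=yes

# You can change the following line to `strict` instead of `full`
# if you don't want airsonic to be able to
# write anything on your filesystem outside of AIRSONIC_HOME.
# NOTE(review): under `strict` only the paths listed in ReadWritePaths= stay
# writable; confirm that AIRSONIC_HOME is covered by it before switching.
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes

# You can uncomment the following line if you don't have any media
# in /home/…. This will prevent airsonic from ever reading/writing anything there.
#ProtectHome=true

# You can uncomment the following line if you're not using the OpenJDK.
# This will prevent processes from having a memory zone that is both writable
# and executable, making an attacker's life a bit harder.
#MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target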