mirror of
https://github.com/YunoHost-Apps/airsonic_ynh.git
synced 2024-09-03 18:06:14 +02:00
59 lines
No EOL
1.9 KiB
Desktop File
59 lines
No EOL
1.9 KiB
Desktop File
# source file https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service
|
|
# install documentation : https://airsonic.github.io/docs/install/war-standalone/
|
|
|
|
[Unit]
|
|
Description=__APP__ Media Server
|
|
After=remote-fs.target network.target
|
|
AssertPathExists=__FINALPATH__
|
|
|
|
[Service]
|
|
Type=simple
|
|
Environment="JAVA_OPTS=-Xmx256m"
|
|
Environment="JAVA_ARGS="
|
|
EnvironmentFile=-/etc/default/__APP__
|
|
ExecStart=/usr/bin/java \
|
|
$JAVA_OPTS \
|
|
-Dairsonic.home=${AIRSONIC_HOME} \
|
|
-Dserver.context-path=${CONTEXT_PATH} \
|
|
-Dserver.port=${PORT} \
|
|
-jar ${JAVA_JAR} $JAVA_ARGS
|
|
User=__APP__
|
|
Group=__APP__
|
|
|
|
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
|
# for details
|
|
DevicePolicy=closed
|
|
DeviceAllow=char-alsa rw
|
|
NoNewPrivileges=yes
|
|
PrivateTmp=yes
|
|
PrivateUsers=yes
|
|
ProtectControlGroups=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
RestrictNamespaces=yes
|
|
RestrictRealtime=yes
|
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
|
|
ReadWritePaths=/var/airsonic
|
|
|
|
# You can uncomment the following line if you're not using the jukebox
|
|
# This will prevent airsonic from accessing any real (physical) devices
|
|
#PrivateDevices=yes
|
|
|
|
# You can change the following line to `strict` instead of `full`
|
|
# if you don't want airsonic to be able to
|
|
# write anything on your filesystem outside of AIRSONIC_HOME.
|
|
ProtectSystem=full
|
|
|
|
# You can uncomment the following line if you don't have any media
|
|
# in /home/…. This will prevent airsonic from ever reading/writing anything there.
|
|
#ProtectHome=true
|
|
|
|
# You can uncomment the following line if you're not using the OpenJDK.
|
|
# This will prevent processes from having a memory zone that is both writeable
|
|
# and executeable, making hacker's lifes a bit harder.
|
|
#MemoryDenyWriteExecute=yes
|
|
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target |