[Unit] Description=vaultwarden Server (Rust Edition) Documentation=https://github.com/dani-garcia/vaultwarden After=network.target [Service] # The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/live/ ReadWriteDirectories=__FINALPATH__/live/ __DATADIR__ /var/log/__APP__/ EnvironmentFile=__FINALPATH__/live/.env ExecStart=__FINALPATH__/live/vaultwarden # Set reasonable connection and process limits LimitNOFILE=1048576 LimitNPROC=64 # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html PrivateTmp=yes PrivateDevices=yes ProtectHome=false ProtectSystem=strict [Install] WantedBy=multi-user.target