miniflux/packaging/systemd/miniflux.service

# Changing the systemd config can be done like this:
# 1) Edit the config file: systemctl edit --full miniflux
# 2) Restart the process: systemctl restart miniflux
# All your changes can be reverted with `systemctl revert miniflux.service`.
# See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.

[Unit]
Description=Miniflux
After=network.target postgresql.service

[Service]
ExecStart=/usr/bin/miniflux
EnvironmentFile=/etc/miniflux.conf
User=miniflux

# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
Type=notify

# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec=
WatchdogSec=60s
WatchdogSignal=SIGKILL

# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
Restart=always

# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec=
RestartSec=5

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=
NoNewPrivileges=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=
PrivateDevices=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectControlGroups=
ProtectControlGroups=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=
ProtectHome=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=
ProtectKernelModules=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=
ProtectKernelTunables=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
ProtectSystem=strict

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RestrictRealtime=
RestrictRealtime=true

# Keep at least the /run folder writeable if Miniflux is configured to use a Unix socket.
# For example, the socket could be LISTEN_ADDR=/run/miniflux/miniflux.sock
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
ReadWritePaths=/run

# Allow miniflux to bind to privileged ports
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00			`# Changing the systemd config can be done like this:`
Use `systemctl edit` for editing systemd config file This is safer than directly editing the package-supplied version. See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units. 2021-01-25 13:08:34 +01:00			`# 1) Edit the config file: systemctl edit --full miniflux`
			`# 2) Restart the process: systemctl restart miniflux`
			# All your changes can be reverted with `systemctl revert miniflux.service`.
			`# See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`[Unit]`
Add Systemd watchdog 2021-05-23 03:36:32 +02:00			`Description=Miniflux`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`After=network.target postgresql.service`

			`[Service]`
			`ExecStart=/usr/bin/miniflux`
Systemd readiness notification This change implements the systemd readiness notification, using the sd_notify protocol. See https://www.freedesktop.org/software/systemd/man/sd_notify.html. 2021-03-11 00:10:17 +01:00			`EnvironmentFile=/etc/miniflux.conf`
			`User=miniflux`

Add Systemd watchdog 2021-05-23 03:36:32 +02:00			`# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=`
			`Type=notify`

			`# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec=`
Tweak watchdog 2021-05-23 05:25:38 +02:00			`WatchdogSec=60s`
Add Systemd watchdog 2021-05-23 03:36:32 +02:00			`WatchdogSignal=SIGKILL`

			`# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=`
			`Restart=always`

			`# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec=`
			`RestartSec=5`

systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`NoNewPrivileges=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`PrivateDevices=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectControlGroups=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`ProtectControlGroups=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`ProtectHome=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`ProtectKernelModules=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`ProtectKernelTunables=true`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`ProtectSystem=strict`
systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RestrictRealtime=`
Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`RestrictRealtime=true`

systemd: keep /run writeable Folks using a unix socket could use /run/miniflux/miniflux.sock without permission issue 2020-11-10 06:06:38 +01:00			`# Keep at least the /run folder writeable if Miniflux is configured to use a Unix socket.`
			`# For example, the socket could be LISTEN_ADDR=/run/miniflux/miniflux.sock`
			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=`
			`ReadWritePaths=/run`

Add Systemd watchdog 2021-05-23 03:36:32 +02:00			`# Allow miniflux to bind to privileged ports`
Modify systemd service file Better support to run miniflux with Let's Encrypt, without a reverse proxy. 2020-12-29 11:47:27 +01:00			`# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=`
			`AmbientCapabilities=CAP_NET_BIND_SERVICE`

Move RPM build files to main repository 2020-10-19 01:12:00 +02:00			`[Install]`
			`WantedBy=multi-user.target`