miniflux/packaging/systemd/miniflux.service
Frédéric Guillot 012eb61c52 Tweak watchdog
2021-05-22 20:25:38 -07:00

63 lines
2.2 KiB
Desktop File

# Changing the systemd config can be done like this:
# 1) Edit the config file: systemctl edit --full miniflux
# 2) Restart the process: systemctl restart miniflux
# All your changes can be reverted with `systemctl revert miniflux.service`.
# See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.
[Unit]
Description=Miniflux
After=network.target postgresql.service
[Service]
ExecStart=/usr/bin/miniflux
EnvironmentFile=/etc/miniflux.conf
User=miniflux
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
Type=notify
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec=
WatchdogSec=60s
WatchdogSignal=SIGKILL
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
Restart=always
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec=
RestartSec=5
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=
NoNewPrivileges=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=
PrivateDevices=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectControlGroups=
ProtectControlGroups=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=
ProtectHome=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=
ProtectKernelModules=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=
ProtectKernelTunables=true
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
ProtectSystem=strict
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RestrictRealtime=
RestrictRealtime=true
# Keep at least the /run folder writeable if Miniflux is configured to use a Unix socket.
# For example, the socket could be LISTEN_ADDR=/run/miniflux/miniflux.sock
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
ReadWritePaths=/run
# Allow miniflux to bind to privileged ports
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target