You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.1 KiB
INI
34 lines
1.1 KiB
INI
[Unit]
|
|||
Description=PeerTube daemon
|
|||
After=network.target postgresql.service redis-server.service
|
|||
|
|||
[Service]
|
|||
Type=simple
|
|||
Environment=NODE_ENV=production
|
|||
Environment=NODE_CONFIG_DIR=/var/www/peertube/config
|
|||
User=peertube
|
|||
Group=peertube
|
|||
ExecStart=/usr/bin/node dist/server
|
|||
WorkingDirectory=/var/www/peertube/peertube-latest
|
|||
SyslogIdentifier=peertube
|
|||
Restart=always
|
|||
|
|||
; Some security directives.
|
|||
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
|
|||
ProtectSystem=full
|
|||
; Sets up a new /dev mount for the process and only adds API pseudo devices
|
|||
; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
|
|||
; by default because it may not work on devices like the Raspberry Pi.
|
|||
PrivateDevices=false
|
|||
; Ensures that the service process and all its children can never gain new
|
|||
; privileges through execve().
|
|||
NoNewPrivileges=true
|
|||
; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
|
|||
; by this unit. Make sure that you do not depend on data inside these folders.
|
|||
ProtectHome=true
|
|||
; Drops the sys admin capability from the daemon.
|
|||
CapabilityBoundingSet=~CAP_SYS_ADMIN
|
|||
|
|||
[Install]
|
|||
WantedBy=multi-user.target
|
