2017-08-08 01:41:36 +02:00
[Unit]
Description = Pleroma social network
After = network.target postgresql.service
[Service]
ExecReload = /bin/kill $MAINPID
KillMode = process
Restart = on-failure
2019-01-17 19:49:54 +01:00
; Name of the user that runs the Pleroma service.
User = pleroma
; Declares that Pleroma runs in production mode.
Environment = "MIX_ENV=prod"
; Make sure that all paths fit your installation.
; Path to the home directory of the user running the Pleroma service.
2019-02-10 20:25:34 +01:00
Environment = "HOME=/var/lib/pleroma"
2019-01-17 19:49:54 +01:00
; Path to the folder containing the Pleroma installation.
2019-02-10 20:25:34 +01:00
WorkingDirectory = /opt/pleroma
2020-07-14 06:31:21 +02:00
; Path to the environment file. the file contains RELEASE_COOKIE and etc
EnvironmentFile = /opt/pleroma/config/pleroma.env
2019-01-17 19:49:54 +01:00
; Path to the Mix binary.
ExecStart = /usr/bin/mix phx.server
2018-10-25 00:37:31 +02:00
; Some security directives.
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
PrivateTmp = true
2019-02-10 20:25:34 +01:00
; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
ProtectHome = true
2018-10-25 00:57:47 +02:00
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
2018-10-25 00:37:31 +02:00
ProtectSystem = full
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
PrivateDevices = false
2018-12-28 21:09:48 +01:00
; Drops the sysadmin capability from the daemon.
CapabilityBoundingSet = ~CAP_SYS_ADMIN
2018-10-25 00:37:31 +02:00
2017-08-08 01:41:36 +02:00
[Install]
WantedBy = multi-user.target