Home Explore Help
Register Sign In
OWEALs
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
2
1
Fork 0
Files Issues 2 Wiki
Tree: da948b75ca
Branches Tags
PeerTube
/
support
/
systemd
/
peertube.service

peertube.service 1.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233 
  1. [Unit]
    2. 

  2. Description=PeerTube daemon
    3. 

  3. After=network.target postgresql.service redis-server.service
    4. 

  4. 

  5. [Service]
    6. 

  6. Type=simple
    7. 

  7. Environment=NODE_ENV=production
    8. 

  8. Environment=NODE_CONFIG_DIR=/var/www/peertube/config
    9. 

  9. User=peertube
    10. 

  10. Group=peertube
    11. 

  11. ExecStart=/usr/bin/node dist/server
    12. 

  12. WorkingDirectory=/var/www/peertube/peertube-latest
    13. 

  13. SyslogIdentifier=peertube
    14. 

  14. Restart=always
    15. 

  15. 

  16. ; Some security directives.
    17. 

  17. ; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
    18. 

  18. ProtectSystem=full
    19. 

  19. ; Sets up a new /dev mount for the process and only adds API pseudo devices
    20. 

  20. ; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
    21. 

  21. ; by default because it may not work on devices like the Raspberry Pi.
    22. 

  22. PrivateDevices=false
    23. 

  23. ; Ensures that the service process and all its children can never gain new
    24. 

  24. ; privileges through execve().
    25. 

  25. NoNewPrivileges=true
    26. 

  26. ; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
    27. 

  27. ; by this unit. Make sure that you do not depend on data inside these folders.
    28. 

  28. ProtectHome=true
    29. 

  29. ; Drops the sys admin capability from the daemon.
    30. 

  30. CapabilityBoundingSet=~CAP_SYS_ADMIN
    31. 

  31. 

  32. [Install]
    33. 

  33. WantedBy=multi-user.target
    34.