diff options
author | balki | 2021-03-15 23:50:35 -0400 |
---|---|---|
committer | balki | 2021-03-15 23:50:35 -0400 |
commit | cb300be8556c68653e8b0e11bd394ceffa7da6e1 (patch) | |
tree | ec122c63adad9f8f82baf2739573b2a27257a6ed /navidrome.service | |
download | aur-navidrome-systemd.tar.gz |
initial commit
Diffstat (limited to 'navidrome.service')
-rw-r--r-- | navidrome.service | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/navidrome.service b/navidrome.service new file mode 100644 index 000000000000..e5f172c663bc --- /dev/null +++ b/navidrome.service @@ -0,0 +1,48 @@ +[Unit] +Description=Navidrome Music server +After=network.target +Documentation=https://www.navidrome.org/docs/ +Documentation=https://github.com/navidrome/navidrome/blob/master/contrib/navidrome.service + +[Service] +User=navidrome +Group=navidrome + +ExecStart=/usr/bin/navidrome --configfile /etc/navidrome/navidrome.toml + +StateDirectory=navidrome +WorkingDirectory=/var/lib/navidrome + +# Create this as the user who adds Music files +ReadOnlyPaths=/var/lib/Music + +EnvironmentFile=-/etc/navidrome/envfile + +CapabilityBoundingSet= +AmbientCapabilities= +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +PrivateUsers=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +ProtectProc=invisible +RemoveIPC=true +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap @resources + +[Install] +WantedBy=multi-user.target |