1 files changed, 45 insertions, 0 deletions

diff --git a/forgejo.service b/forgejo.service
new file mode 100644
index 000000000000..1167c24395bd
--- /dev/null
+++ b/forgejo.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=Forgejo (Beyong coding. We forge.)
+After=syslog.target
+After=network.target
+After=mysqld.service
+After=postgresql.service
+After=memcached.service
+After=redis.service
+
+[Service]
+User=forgejo
+Group=forgejo
+Type=simple
+WorkingDirectory=~
+RuntimeDirectory=forgejo
+LogsDirectory=forgejo
+StateDirectory=forgejo
+Environment=USER=forgejo HOME=/var/lib/forgejo GITEA_WORK_DIR=/var/lib/forgejo
+ExecStart=/usr/bin/forgejo web -c /etc/forgejo/app.ini
+Restart=always
+RestartSec=2s
+CapabilityBoundingSet=
+NoNewPrivileges=True
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/etc/forgejo/app.ini
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+[Install]
+WantedBy=multi-user.target