Diffstat (limited to 'navidrome-bin.service')
-rw-r--r-- | navidrome-bin.service | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/navidrome-bin.service b/navidrome-bin.service
new file mode 100644
index 000000000000..0cf52377c66f
--- /dev/null
+++ b/navidrome-bin.service
@@ -0,0 +1,49 @@
+[Unit]
+Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
+After=remote-fs.target network.target
+AssertPathExists=/etc/navidrome
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User=navidrome
+Group=navidrome
+DynamicUser=yes
+ExecStart=/usr/bin/navidrome --configfile "/etc/navidrome/navidrome.toml"
+StateDirectory=navidrome
+WorkingDirectory=/var/lib/navidrome
+Environment=HOME=/var/lib/navidrome
+TimeoutStopSec=20
+KillMode=process
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+ReadWritePaths=/var/lib/navidrome
+
+# You can uncomment the following line if you're not using the jukebox This
+# will prevent navidrome from accessing any real (physical) devices
+#PrivateDevices=yes
+
+# You can change the following line to `strict` instead of `full` if you don't
+# want navidrome to be able to write anything on your filesystem outside of
+# /var/lib/navidrome.
+ProtectSystem=full
+
+# You can uncomment the following line if you don't have any media in /home/*.
+# This will prevent navidrome from ever reading/writing anything there.
+#ProtectHome=true
+
+# You can customize some Navidrome config options by setting environment variables here. Ex:
+#Environment=ND_BASEURL="/navidrome" |
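Review bot: `SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap` is a deny-list with no `SystemCallArchitectures=` line beside it, so non-native ABIs stay callable and the kernel surface is wider than the filter suggests; add `SystemCallArchitectures=native` next to it. `KillMode=process` signals only the main process on stop, so any child processes the server spawns can outlive the unit and escape its lifecycle management; the default `KillMode=control-group` is the safer choice unless there is a reason not visible here. The comment above `ProtectSystem=full` looks misleading, since systemd.exec documents that `DynamicUser=yes` already implies `ProtectSystem=strict` and `ProtectHome=read-only`, so `full` is probably not the effective value. The same applies to the commented `#ProtectHome=true` hint; checking the installed unit with `systemd-analyze security` would confirm what is actually enforced before the comments are reworded.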