[Unit] Description=GitLab Pages After=syslog.target network.target ConditionFileIsExecutable=/usr/bin/gitlab-pages [Service] User=root Group=root StartLimitInterval=5 StartLimitBurst=10 # systemd cannot handle User=${...}, so wrap it in ExecStart instead EnvironmentFile=/etc/gitlab-pages/service.env ExecStart=/usr/bin/setpriv --inh-caps=-all --clear-groups \ --reuid=${GITLAB_PAGES_UID} --regid=${GITLAB_PAGES_GID} \ /usr/bin/gitlab-pages -config /etc/gitlab-pages/config.cfg Restart=always RestartSec=120 StandardOutput=syslog StandardError=syslog SyslogIdentifier=gitlab-pages PrivateTmp=true ProtectSystem=full ProtectHome=true [Install] WantedBy=multi-user.target