[Unit]
Description=GitLab Unicorn Server
Requires=redis.service
Wants=mysqld.service postgresql.service
After=redis.service mysqld.service postgresql.service network.target
StartLimitIntervalSec=100s

[Service]
User=gitlab
Group=gitlab
WorkingDirectory=<DATADIR>
Environment=RAILS_ENV=production PATH=/opt/ruby2.3/bin:/usr/bin
SyslogIdentifier=gitlab-unicorn
PIDFile=/run/gitlab/unicorn.pid
RuntimeDirectory=gitlab
RuntimeDirectoryMode=775
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
# These options break Gitlab's email delivery if you
# use postfix' sendmail wrapper. If you use an SMTP server
# instead you can safely enable these security features.
#NoNewPrivileges=true
#CapabilityBoundingSet=
ExecStart=/usr/bin/bundle-2.3 exec unicorn_rails -c <DATADIR>/config/unicorn.rb -E production
ExecStop=/usr/bin/kill -QUIT $MAINPID
ExecReload=/usr/bin/kill -USR2 $MAINPID
Restart=on-failure
RestartSec=1

[Install]
WantedBy=multi-user.target