calibre-server-freedombox.service

This unit is provided by:

• https://packages.debian.org/unstable/freedombox

Options

• [Install]
  • WantedBy=multi-user.target
• [Service]
  • CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_SYS_BOOT CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_NICE CAP_SYS_RESOURCE
  • DevicePolicy=closed
  • DynamicUser=yes
  • Environment=HOME="/var/lib/calibre-server-freedombox" DEFAULT_LIBRARY="/var/lib/calibre-server-freedombox/libraries/Library" ARGS="--listen-on 127.0.0.1 --url-prefix /calibre --port 8844 --enable-local-write --disable-auth --disable-use-bonjour"
  • ExecReload=/bin/kill -HUP $MAINPID
  • ExecStart=sh -e -c "files=${HOME}/libraries/*/metadata.db; libraries=$$(dirname $${files}) ; exec /usr/bin/calibre-server $ARGS $${libraries}"
  • ExecStartPre=sh -e -c "files=$$(ls ${HOME}/libraries/*/metadata.db 2>/dev/null || true); [ \"x$${files}\" = \"x\" ] && (mkdir -p \"${DEFAULT_LIBRARY}\" && calibredb --with-library=\"${DEFAULT_LIBRARY}\" list_categories > /dev/null) || true"
  • LockPersonality
    Introduced in systemd 235
    =yes
  • NoNewPrivileges
    Introduced in systemd 239
    =yes
  • PrivateDevices
    Introduced in systemd 209
    =yes
  • PrivateMounts=yes
  • PrivateTmp=yes
  • PrivateUsers=yes
  • ProtectClock
    Introduced in systemd 245
    =yes
  • ProtectControlGroups
    Introduced in systemd 232
    =yes
  • ProtectHome
    Introduced in systemd 214
    =yes
  • ProtectHostname
    Introduced in systemd 242
    =yes
  • ProtectKernelLogs
    Introduced in systemd 244
    =yes
  • ProtectKernelModules
    Introduced in systemd 232
    =yes
  • ProtectKernelTunables
    Introduced in systemd 232
    =yes
  • ProtectSystem
    Introduced in systemd 214
    =strict
  • Restart=on-failure
  • RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
  • RestrictNamespaces
    Introduced in systemd 233
    =yes
  • RestrictRealtime
    Introduced in systemd 231
    =yes
  • RestrictSUIDSGID
    Introduced in systemd 242
    =yes
  • StateDirectory=calibre-server-freedombox
  • SystemCallArchitectures=native
  • SystemCallErrorNumber=EPERM
  • SystemCallFilter=@system-service ~@resources ~@privileged
  • Type=simple
• [Unit]
  • After=network.target
  • ConditionPathExists=/usr/bin/calibre-server
  • Description=calibre Content Server
  • Documentation=man:calibre-server(1)

Additionnal notes

Nothing here.