gitsrht.service

This unit is provided by:

https://nixos.org/channels/nixos-unstable

Options

[Service]
- AmbientCapabilities=
- BindPaths=/var/lib/sourcehut/gitsrht/repos:/var/lib/sourcehut/gitsrht/repos
- BindReadOnlyPaths=/nix/store /etc /run/booted-system /run/current-system /run/systemd /run/postgresql /run/redis-sourcehut-gitsrht
- CapabilityBoundingSet=
- DeviceAllow=
- Environment="HOME=/run/sourcehut/gitsrht"
- ExecStart=/usr/bin/gunicorn gitsrht.app:app --name gitsrht --bind localhost:5001 --timeout 120 --workers 1 --log-level=info
- ExecStartPre=+gitsrht-credentials /usr/bin/gitsrht-pre-start
- Group=gitsrht
- InaccessiblePaths=-+/run/sourcehut/chroots/gitsrht
- LockPersonalityIntroduced in systemd 235=yes
- MemoryDenyWriteExecuteIntroduced in systemd 231=yes
- MountAPIVFS=yes
- NoNewPrivilegesIntroduced in systemd 239=yes
- PrivateDevicesIntroduced in systemd 209=yes
- PrivateMounts=yes
- PrivateNetwork=no
- PrivateTmp=yes
- PrivateUsers=yes
- ProcSubsetIntroduced in systemd 247=pid
- ProtectClockIntroduced in systemd 245=yes
- ProtectControlGroupsIntroduced in systemd 232=yes
- ProtectHomeIntroduced in systemd 214=yes
- ProtectHostnameIntroduced in systemd 242=yes
- ProtectKernelLogsIntroduced in systemd 244=yes
- ProtectKernelModulesIntroduced in systemd 232=yes
- ProtectKernelTunablesIntroduced in systemd 232=yes
- ProtectProcIntroduced in systemd 247=invisible
- ProtectSystemIntroduced in systemd 214=strict
- RemoveIPCIntroduced in systemd 232=yes
- Restart=always
- RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
- RestrictNamespacesIntroduced in systemd 233=yes
- RestrictRealtimeIntroduced in systemd 231=yes
- RestrictSUIDSGIDIntroduced in systemd 242=yes
- RootDirectory=/run/sourcehut/chroots/gitsrht
- RootDirectoryStartOnly=yes
- RuntimeDirectory=sourcehut/gitsrht sourcehut/gitsrht/subdir sourcehut/chroots/gitsrht
- RuntimeDirectoryMode=2750
- StateDirectory=sourcehut/gitsrht sourcehut/gitsrht/repos sourcehut/gitsrht
- StateDirectoryMode=2750
- SystemCallArchitectures=native
- SystemCallFilter=@system-service ~@aio ~@keyring ~@memlock ~@privileged ~@resources ~@timer @chown @setuid
- Type=simple
- UMask=0026
- User=gitsrht
- WorkingDirectory=-/run/sourcehut/gitsrht
[Unit]
- After=network.target postgresql.service redis-sourcehut-gitsrht.service
- Before=nginx.service
- Description=sourcehut git.sr.ht website service
- Requires=postgresql.service redis-sourcehut-gitsrht.service
- Wants=nginx.service

Additionnal notes

Nothing here.