This unit is provided by:
Options
-
[Service]
-
BindPaths=/var/lib/paperless/consume /var/lib/paperless /var/lib/paperless/media
-
BindReadOnlyPaths=/nix/store -/etc/resolv.conf -/etc/nsswitch.conf -/etc/hosts -/etc/localtime -/run/postgresql /run/redis-paperless/redis.sock
-
CapabilityBoundingSet=
-
DeviceAllow=
-
Environment="GUNICORN_CMD_ARGS=--bind=localhost:28981" "PAPERLESS_CONSUMPTION_DIR=/var/lib/paperless/consume" "PAPERLESS_DATA_DIR=/var/lib/paperless" "PAPERLESS_MEDIA_ROOT=/var/lib/paperless/media" "PAPERLESS_REDIS=unix:///run/redis-paperless/redis.sock"
-
ExecStart=/usr/bin/paperless-ngx document_consumer
-
LockPersonality
Introduced in systemd 235=yes -
MemoryDenyWriteExecute
Introduced in systemd 231=yes -
NoNewPrivileges
Introduced in systemd 239=yes -
PrivateDevices
Introduced in systemd 209=yes -
PrivateMounts=yes
-
PrivateNetwork=yes
-
PrivateTmp=yes
-
PrivateUsers=yes
-
ProtectClock
Introduced in systemd 245=yes -
ProtectControlGroups
Introduced in systemd 232=yes -
ProtectHostname
Introduced in systemd 242=yes -
ProtectKernelLogs
Introduced in systemd 244=yes -
ProtectKernelModules
Introduced in systemd 232=yes -
ProtectKernelTunables
Introduced in systemd 232=yes -
ProtectProc
Introduced in systemd 247=invisible -
Restart=on-failure
-
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-
RestrictNamespaces
Introduced in systemd 233=yes -
RestrictRealtime
Introduced in systemd 231=yes -
RestrictSUIDSGID
Introduced in systemd 242=yes -
SupplementaryGroups=redis-paperless
-
SystemCallArchitectures=native
-
SystemCallFilter=@system-service ~@privileged @setuid @keyring
-
TemporaryFileSystem=/:ro
-
User=paperless
-
-
[Unit]
-
After=paperless-scheduler.service
-
BindsTo=paperless-scheduler.service
-
Description=Paperless document consumer
-
Additionnal notes
Nothing here.