tandoor-recipes.service

This unit is provided by:

• https://nixos.org/channels/nixos-unstable

Options

• [Service]
  • BindReadOnlyPaths=/usr/etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt /nix/store -/etc/resolv.conf -/etc/nsswitch.conf -/etc/hosts -/etc/localtime -/run/postgresql
  • CapabilityBoundingSet=
  • DynamicUser=yes
  • Environment="DB_ENGINE=django.db.backends.postgresql" "DEBUG=0" "GUNICORN_CMD_ARGS=--bind=localhost:8080" "MEDIA_ROOT=/var/lib/tandoor-recipes" "POSTGRES_DB=tandoor_recipes" "POSTGRES_HOST=/run/postgresql" "POSTGRES_USER=tandoor_recipes"
  • ExecStart=/usr/bin/gunicorn recipes.wsgi
  • ExecStartPre=/usr/bin/tandoor-recipes-pre-start
  • LockPersonality
    Introduced in systemd 235
    =yes
  • MemoryDenyWriteExecute
    Introduced in systemd 231
    =yes
  • PrivateDevices
    Introduced in systemd 209
    =yes
  • PrivateUsers=yes
  • ProtectClock
    Introduced in systemd 245
    =yes
  • ProtectControlGroups
    Introduced in systemd 232
    =yes
  • ProtectHome
    Introduced in systemd 214
    =yes
  • ProtectHostname
    Introduced in systemd 242
    =yes
  • ProtectKernelLogs
    Introduced in systemd 244
    =yes
  • ProtectKernelModules
    Introduced in systemd 232
    =yes
  • ProtectKernelTunables
    Introduced in systemd 232
    =yes
  • Restart=on-failure
  • RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  • RestrictNamespaces
    Introduced in systemd 233
    =yes
  • RestrictRealtime
    Introduced in systemd 231
    =yes
  • RuntimeDirectory=tandoor-recipes
  • StateDirectory=tandoor-recipes
  • SystemCallArchitectures=native
  • SystemCallFilter=@system-service ~@privileged @resources @setuid @keyring
  • UMask=0066
  • User=tandoor_recipes
  • WorkingDirectory=/var/lib/tandoor-recipes
• [Unit]
  • After=postgresql.service
  • Description=Tandoor Recipes server

Additionnal notes

Nothing here.