vaultwarden.service

This unit is provided by:

https://archlinux.org/packages/community/x86_64/vaultwarden/

Options

[Install]
- WantedBy=multi-user.target
[Service]
- AmbientCapabilities=CAP_NET_BIND_SERVICE
- CapabilityBoundingSet=CAP_NET_BIND_SERVICE
- EnvironmentFile=/etc/vaultwarden.env
- ExecStart=/usr/bin/vaultwarden
- Group=vaultwarden
- LimitNOFILE=1048576
- LockPersonalityIntroduced in systemd 235=yes
- MemoryDenyWriteExecuteIntroduced in systemd 231=yes
- NoNewPrivilegesIntroduced in systemd 239=yes
- PrivateDevicesIntroduced in systemd 209=yes
- PrivateTmp=yes
- ProtectClockIntroduced in systemd 245=yes
- ProtectControlGroupsIntroduced in systemd 232=yes
- ProtectHomeIntroduced in systemd 214=yes
- ProtectHostnameIntroduced in systemd 242=yes
- ProtectKernelLogsIntroduced in systemd 244=yes
- ProtectKernelModulesIntroduced in systemd 232=yes
- ProtectKernelTunablesIntroduced in systemd 232=yes
- ProtectSystemIntroduced in systemd 214=strict
- ReadWritePaths=/var/lib/vaultwarden /var/log/vaultwarden.log
- RemoveIPCIntroduced in systemd 232=yes
- RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
- RestrictNamespacesIntroduced in systemd 233=yes
- RestrictRealtimeIntroduced in systemd 231=yes
- RestrictSUIDSGIDIntroduced in systemd 242=yes
- SystemCallArchitectures=native
- SystemCallFilter=@system-service ~@privileged @resources
- UMask=0077
- User=vaultwarden
- WorkingDirectory=/var/lib/vaultwarden
[Unit]
- After=network.target
- Description=Vaultwarden Server
- Documentation=https://github.com/dani-garcia/vaultwarden

Additionnal notes

Nothing here.