diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-05-31 21:35:04 -0400 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-05-31 21:35:04 -0400 |
commit | 236d813994acd076ce96d764d569ee6bb3da98f9 (patch) | |
tree | 33f811ba7f557032601356218ff11d67a4895ffe /roles/synapse/templates/etc/systemd/system | |
parent | 9cbb7d043e7379f9d7e7c81cd75fcd2176a0b322 (diff) | |
download | selfhosted-236d813994acd076ce96d764d569ee6bb3da98f9.tar.gz selfhosted-236d813994acd076ce96d764d569ee6bb3da98f9.zip |
add synapse role
Diffstat (limited to 'roles/synapse/templates/etc/systemd/system')
-rw-r--r-- | roles/synapse/templates/etc/systemd/system/synapse.service.j2 | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/roles/synapse/templates/etc/systemd/system/synapse.service.j2 b/roles/synapse/templates/etc/systemd/system/synapse.service.j2 new file mode 100644 index 0000000..84ab9f3 --- /dev/null +++ b/roles/synapse/templates/etc/systemd/system/synapse.service.j2 @@ -0,0 +1,42 @@ +[Unit] +Description=Synapse Matrix Homeserver +Documentation=https://github.com/matrix-org/synapse +Wants=gssproxy.service +After=network-online.target nss-user-lookup.target gssproxy.service + +[Service] +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +DevicePolicy=closed +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +LockPersonality=yes +ReadWritePaths={{ synapse_home }} + +User={{ synapse_user }} +Group={{ synapse_user }} + +Type=notify +NotifyAccess=main +WorkingDirectory={{ synapse_home }} +Environment=GSS_USE_PROXY=yes +EnvironmentFile=-/etc/sysconfig/synapse + +ExecStart={{ synapse_venv }}/bin/python -m synapse.app.homeserver --config-path={{ synapse_home }}/homeserver.yaml +ExecReload=/bin/kill -HUP $MAINPID + +Restart=always +RestartSec=3 + +SyslogIdentifier=synapse + +[Install] +WantedBy=multi-user.target |