diff options
Diffstat (limited to 'roles/jellyfin/templates/etc/systemd/system/jellyfin.service.j2')
-rw-r--r-- | roles/jellyfin/templates/etc/systemd/system/jellyfin.service.j2 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/jellyfin/templates/etc/systemd/system/jellyfin.service.j2 b/roles/jellyfin/templates/etc/systemd/system/jellyfin.service.j2 new file mode 100644 index 0000000..2b809bb --- /dev/null +++ b/roles/jellyfin/templates/etc/systemd/system/jellyfin.service.j2 @@ -0,0 +1,51 @@ +[Unit] +Description = Jellyfin Media Server +After=autofs.service network-online.target nss-user-lookup.target + +[Service] +Type = simple +EnvironmentFile = /etc/sysconfig/jellyfin +User = {{ jellyfin_user }} +Group = {{ jellyfin_user }} +WorkingDirectory = /var/lib/jellyfin +ExecStart = {{ jellyfin_install_dir }}/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT} ${JELLYFIN_ADDITIONAL_OPTS} +Restart = on-failure +TimeoutSec = 15 +SuccessExitStatus=0 143 + +NoNewPrivileges=true +SystemCallArchitectures=native +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=false +RestrictRealtime=true +RestrictSUIDSGID=true +ProtectClock=true +ProtectControlGroups=false +ProtectHostname=true +ProtectKernelLogs=false +ProtectKernelModules=false +ProtectKernelTunables=false +LockPersonality=true +PrivateTmp=false +PrivateDevices=false +PrivateUsers=true +RemoveIPC=true +SystemCallFilter=~@clock +SystemCallFilter=~@aio +SystemCallFilter=~@chown +SystemCallFilter=~@cpu-emulation +SystemCallFilter=~@debug +SystemCallFilter=~@keyring +SystemCallFilter=~@memlock +SystemCallFilter=~@module +SystemCallFilter=~@mount +SystemCallFilter=~@obsolete +SystemCallFilter=~@privileged +SystemCallFilter=~@raw-io +SystemCallFilter=~@reboot +SystemCallFilter=~@setuid +SystemCallFilter=~@swap +SystemCallErrorNumber=EPERM + +[Install] +WantedBy = multi-user.target |