diff options
Diffstat (limited to 'roles/syncthing/templates/etc/systemd')
| -rw-r--r-- | roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2 | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2 b/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2 new file mode 100644 index 0000000..ba0ffb5 --- /dev/null +++ b/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2 @@ -0,0 +1,27 @@ +[Unit] +Description=Syncthing - Open Source Continuous File Synchronization for %I +Documentation=man:syncthing(1) +After=autofs.service nss-user-lookup.target network-online.target + +[Service] +User=%i +Group=%i +Environment=STNOUPGRADE=1 +PermissionsStartOnly=true +ExecStartPre=install -o root -g root -m 0755 -Z -d {{ syncthing_runtime_dir | quote }} +ExecStartPre=install -o %i -g apache -m 2750 -Z -d {{ syncthing_runtime_dir | quote }}/%i +ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0 -home {{ syncthing_home | quote}}/%i -gui-address=unix://{{ syncthing_runtime_dir | quote }}/%i/gui.sock +Restart=on-failure +RestartSec=5 +SuccessExitStatus=3 4 +RestartForceExitStatus=3 4 + +# Hardening +ProtectSystem=full +PrivateTmp=true +SystemCallArchitectures=native +MemoryDenyWriteExecute=true +NoNewPrivileges=true + +[Install] +WantedBy=multi-user.target |