Overview

File draupnir-appservice.service of Package draupnir

[Unit]
Description=Draupnir - Matrix Appservice
Documentation=https://the-draupnir-project.github.io/draupnir-documentation
After=matrix-synapse.service
Wants=matrix-synapse.service

[Service]
User=draupnir
Group=draupnir
Environment=NODE_ENV=production
ExecStart=/usr/bin/node __DATADIR__/lib/appservice/cli.js -c __SYSCONFDIR__/default.yaml -f __SYSCONFDIR__/registration.yaml

Restart=on-failure
RestartSec=1
StartLimitBurst=3

AmbientCapabilities=
CapabilityBoundingSet=
KeyringMode=private
LockPersonality=yes
MountFlags=private
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @process @signal ioctl madvise pkey_alloc sysinfo uname
UMask=027

## known not compatible:
#MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target
openSUSE Build Service is sponsored by
Places