File bookstack.service of Package bookstack
[Unit]
Description=Platform for organising and storing information
# Ordering only: After= does not pull in or require either unit, so the
# service still starts when MariaDB is remote or not installed locally.
After=network.target
After=mariadb.service
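[Service]
# --- Process model and identity ---
# php-fpm reports readiness to systemd through the notify socket.
# NOTE(review): ExecStart passes no --nodaemonize, so this presumably relies on
# "daemonize = no" in php-fpm.conf; confirm.
Type=notify
User=bookstack
# Primary group is caddy, presumably so the web server can reach the FPM socket
# and served files; verify against php-fpm.conf and the Caddy configuration.
Group=caddy
# Remove SysV/POSIX IPC objects owned by the service user when the unit stops.
RemoveIPC=true

# --- Privileges ---
# Empty bounding set: the service can never hold any capability.
CapabilityBoundingSet=
NoNewPrivileges=true
PrivateUsers=true
RestrictSUIDSGID=true
RestrictNamespaces=true
RestrictRealtime=true
LockPersonality=true
# Blocks memory mappings that are writable and executable at the same time.
# NOTE(review): PHP features that generate code at runtime (OPcache JIT, PCRE
# JIT) need such mappings; confirm they are disabled in the PHP configuration.
MemoryDenyWriteExecute=true

# --- Kernel and device exposure ---
PrivateDevices=true
ProtectClock=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
# Hide other users' processes and everything in /proc that is not per-process.
ProtectProc=invisible
ProcSubset=pid

# --- Network ---
# NOTE(review): AF_NETLINK widens the socket surface beyond plain IP and UNIX
# sockets; keep it only if the PHP runtime really needs it.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK

# --- System calls ---
# Allow-list first, then subtract resource-tuning and privileged calls.
# The order of these two lines matters.
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged

# --- File system ---
# The file system hierarchy is mounted read-only; the runtime, state and cache
# directories declared below are the writable locations for this service.
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
# New files are created without group/other read or write permission.
UMask=0066
ConfigurationDirectory=webapps/bookstack
RuntimeDirectory=bookstack
StateDirectory=bookstack
StateDirectoryMode=0750
CacheDirectory=bookstack
CacheDirectoryMode=0750

# --- Secrets ---
# The application environment file is passed as the credential "env" instead of
# living in a service-readable path. Keep the source file root-owned and not
# world-readable. How BookStack locates the credential is not shown in this unit.
LoadCredential=env:/etc/credstore/bookstack/env

# --- Start-up ---
WorkingDirectory=/usr/share/webapps/bookstack
# Applies pending database migrations on every start; --force skips the
# interactive production confirmation. A failed migration fails the unit, so
# back up the database before upgrading the package.
ExecStartPre=php -d extension=mysqli -d extension=pdo_mysql artisan migrate --no-interaction --force
ExecStart=php-fpm --pid ${RUNTIME_DIRECTORY}/php-fpm.pid --fpm-config ${CONFIGURATION_DIRECTORY}/php-fpm.conf
# ${VAR} is expanded only in Exec*= command lines, not in PIDFile=. The %t
# specifier (runtime directory root) makes this resolve to the same file that
# php-fpm writes through --pid above.
PIDFile=%t/bookstack/php-fpm.pid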
[Install]
# When enabled, the unit is started as part of the regular multi-user boot.
WantedBy=multi-user.target