File gotosocial.service of Package gotosocial-hardened
# Unit metadata and start-up preconditions for the GoToSocial server.
[Unit]
Description=ActivityPub social network server
Documentation=https://docs.gotosocial.org/en/latest/
# Assert*= (unlike Condition*=) fails the start job and logs an error when the
# file is missing or empty, so the service never starts without the
# configuration that [Service] loads as a credential.
# NOTE(review): no After=/Wants= ordering is declared here. If config.yaml
# points at a networked database, confirm whether ordering after the network
# or the database unit is needed.
AssertFileNotEmpty=/etc/credstore/gotosocial/config.yaml
# Runs the server as an unprivileged user inside a tight sandbox.
# Audit the effective exposure with: systemd-analyze security gotosocial.service
[Service]
User=gotosocial
Group=gotosocial
# DynamicUser= allocates the UID/GID at start and releases it at stop. If a
# static user named "gotosocial" already exists, that user is used instead.
# It also implies ProtectSystem=strict, ProtectHome=read-only, PrivateTmp=yes,
# RemoveIPC=yes, NoNewPrivileges=yes and RestrictSUIDSGID=yes, which is why
# none of those are listed explicitly below.
DynamicUser=true
# Empty value = no capabilities at all, including CAP_NET_BIND_SERVICE. By
# default the server therefore cannot bind ports below 1024 itself.
# NOTE(review): presumably config.yaml uses a high port behind a reverse
# proxy - confirm.
CapabilityBoundingSet=
# Private /dev with pseudo-devices only; no access to physical devices.
PrivateDevices=true
# Deny changes to the system clock, reads of the kernel log buffer, writes to
# the cgroup tree, and kernel module loading.
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
# Only the native syscall ABI is allowed, so a secondary ABI (e.g. 32-bit
# compat) cannot be used to sidestep the SystemCallFilter= rules below.
SystemCallArchitectures=native
# No new namespaces of any type may be created.
RestrictNamespaces=true
# Hostname and domain name cannot be changed.
ProtectHostname=true
# The execution domain (personality(2)) is locked.
LockPersonality=true
# /proc/sys, /sys and similar kernel tunables are read-only.
ProtectKernelTunables=true
# Sockets are limited to IPv4, IPv6 and Unix domain; netlink, packet and all
# other address families are refused.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
# Realtime scheduling policies cannot be acquired.
RestrictRealtime=true
# /home, /root and /run/user appear empty and inaccessible. This is stricter
# than the read-only mode implied by DynamicUser=.
ProtectHome=true
# Hide other users' processes in /proc and expose only its per-PID subset.
ProtectProc=invisible
ProcSubset=pid
# Order matters for the three SystemCallFilter= lines; do not reorder them.
# 1) start from the @system-service allow-list,
# 2) remove the @resources and @privileged groups from it,
# 3) re-allow setrlimit, which step 2 removed as a member of @resources.
# No SystemCallErrorNumber= is set, so a filtered call terminates the process
# instead of returning an error.
# NOTE(review): setrlimit is presumably needed by the server's runtime at
# start-up - confirm before removing.
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
SystemCallFilter=setrlimit
# New files get no group/other read or write bits (files at most 0600,
# directories at most 0711).
UMask=0066
# Creates /etc/gotosocial. The running server does not read its configuration
# from there; ExecStart= points at the credential copy instead.
ConfigurationDirectory=gotosocial
# Creates the writable state directory owned by the service user. With
# DynamicUser= it lives under /var/lib/private/ and /var/lib/gotosocial is a
# symlink to it.
StateDirectory=gotosocial
WorkingDirectory=/var/lib/gotosocial
# systemd copies the file into a per-service credentials directory that only
# this unit's user can read, so the source file need not be readable by the
# service user.
# NOTE(review): config.yaml presumably contains secrets (database or SMTP
# passwords) - keep the source root-owned and not world-readable; confirm.
LoadCredential=config.yaml:/etc/credstore/gotosocial/config.yaml
# ${CREDENTIALS_DIRECTORY} is expanded by systemd itself (no shell involved);
# the braced form always yields a single argument.
ExecStart=/usr/bin/gotosocial --config-path ${CREDENTIALS_DIRECTORY}/config.yaml server start
# "systemctl enable" pulls the unit into the regular multi-user boot target.
[Install]
WantedBy=multi-user.target