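# Gitea SystemD Service - Rick-Infra
# Generated by Ansible Gitea role
#
# Jinja2 template for a systemd unit; gitea_user, gitea_group and gitea_home
# are filled in by the role when the file is rendered.

[Unit]
Description=Gitea Git with a cup of tea
# Start after networking and PostgreSQL. Wants= pulls PostgreSQL in but does
# not fail this unit if PostgreSQL cannot be started.
After=network.target postgresql.service
Wants=postgresql.service

[Service]
Type=simple
# Run as the dedicated service account, never as root.
User={{ gitea_user }}
Group={{ gitea_group }}
WorkingDirectory={{ gitea_home }}
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
# Restart on any exit, waiting 10 seconds between attempts.
Restart=always
RestartSec=10

# Security hardening
# Block privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
# Give the service private /tmp and /var/tmp directories.
PrivateTmp=true
# Make /home, /root and /run/user inaccessible to the service.
# NOTE(review): gitea_home must therefore live outside those trees (for
# example under /var/lib) - confirm against the role defaults.
ProtectHome=true
# Mount the whole file system read-only except the paths listed below.
ProtectSystem=strict
ReadWritePaths={{ gitea_home }}
# NOTE(review): a writable /etc/gitea lets the service process rewrite its own
# app.ini. If Ansible renders app.ini completely and Gitea never has to write
# it, drop this line so ProtectSystem=strict keeps the config read-only.
ReadWritePaths=/etc/gitea
# Allow only Unix-domain, IPv4 and IPv6 sockets.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Additional sandboxing for an unprivileged web service. Older systemd
# releases log and ignore directives they do not know.
# Hide physical devices; /dev/null, /dev/urandom and similar stay available.
PrivateDevices=true
# Keep kernel tunables, module loading and the cgroup tree out of reach.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# Refuse creation of setuid/setgid files in the writable paths.
RestrictSUIDSGID=true
# Pin the execution domain and deny realtime scheduling.
LockPersonality=true
RestrictRealtime=true

# Process limits
# Maximum number of open file descriptors for the service.
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Rick-Infra: Self-contained Gitea service with security hardening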