37 lines
1.0 KiB
Django/Jinja
37 lines
1.0 KiB
Django/Jinja
[Unit]
|
|
Description=Sigvild Wedding Gallery API
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User={{ sigvild_gallery_user }}
|
|
Group={{ sigvild_gallery_user }}
|
|
WorkingDirectory={{ sigvild_gallery_home }}
|
|
ExecStart={{ sigvild_gallery_binary }} serve --http={{ sigvild_gallery_host }}:{{ sigvild_gallery_port }}
|
|
|
|
# Environment variables
|
|
Environment="SIGVILD_ENVIRONMENT"="production" # Lets caddy handle CORS
|
|
Environment="HOST_USERNAME={{ sigvild_gallery_host_username }}"
|
|
Environment="HOST_PASSWORD={{ sigvild_gallery_host_password }}"
|
|
Environment="HOST_DISPLAY_NAME=Wedding Host"
|
|
Environment="GUEST_USERNAME={{ sigvild_gallery_guest_username }}"
|
|
Environment="GUEST_PASSWORD={{ sigvild_gallery_guest_password }}"
|
|
Environment="GUEST_DISPLAY_NAME=Wedding Guest"
|
|
|
|
# Restart configuration
|
|
Restart=always
|
|
RestartSec=3
|
|
|
|
# Security sandboxing
|
|
NoNewPrivileges=yes
|
|
PrivateTmp=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
ReadWritePaths={{ sigvild_gallery_data_dir }}
|
|
|
|
# Allow binding to port (if needed)
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|