fcf5b9b46e
Ensures that the RPM service unit has all the tweaks from the Deb service unit, and some in the other direction too.
51 lines
1.3 KiB
Desktop File
51 lines
1.3 KiB
Desktop File
[Unit]
|
|
Description = Jellyfin Media Server
|
|
After = network-online.target
|
|
|
|
[Service]
|
|
Type = simple
|
|
EnvironmentFile = /etc/default/jellyfin
|
|
User = jellyfin
|
|
Group = jellyfin
|
|
WorkingDirectory = /var/lib/jellyfin
|
|
ExecStart = /usr/bin/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT} ${JELLYFIN_ADDITIONAL_OPTS}
|
|
Restart = on-failure
|
|
TimeoutSec = 15
|
|
|
|
NoNewPrivileges=true
|
|
SystemCallArchitectures=native
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
|
RestrictNamespaces=false
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=false
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=false
|
|
ProtectKernelModules=false
|
|
ProtectKernelTunables=false
|
|
LockPersonality=true
|
|
PrivateTmp=false
|
|
PrivateDevices=false
|
|
PrivateUsers=true
|
|
RemoveIPC=true
|
|
SystemCallFilter=~@clock
|
|
SystemCallFilter=~@aio
|
|
SystemCallFilter=~@chown
|
|
SystemCallFilter=~@cpu-emulation
|
|
SystemCallFilter=~@debug
|
|
SystemCallFilter=~@keyring
|
|
SystemCallFilter=~@memlock
|
|
SystemCallFilter=~@module
|
|
SystemCallFilter=~@mount
|
|
SystemCallFilter=~@obsolete
|
|
SystemCallFilter=~@privileged
|
|
SystemCallFilter=~@raw-io
|
|
SystemCallFilter=~@reboot
|
|
SystemCallFilter=~@setuid
|
|
SystemCallFilter=~@swap
|
|
SystemCallErrorNumber=EPERM
|
|
|
|
[Install]
|
|
WantedBy = multi-user.target
|