PKGBUILDs/extra/couchdb/couchdb.service

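# systemd unit for the CouchDB server. The service runs as the unprivileged
# couchdb account inside a restrictive sandbox; booleans are spelled "true"
# throughout. Review the effective exposure with:
#   systemd-analyze security couchdb.service
[Unit]
Description=CouchDB Server

[Service]
# Dedicated unprivileged account; the daemon never runs as root.
User=couchdb
Group=couchdb
Type=simple
# "~" resolves to the home directory of User=.
# NOTE(review): ProtectHome=true below makes /home, /root and /run/user
# inaccessible, so this assumes the couchdb home lives elsewhere - confirm.
WorkingDirectory=~
# Creates /var/lib/couchdb owned by User=/Group= and keeps it writable even
# though ProtectSystem=strict mounts the rest of the file system read-only.
StateDirectory=couchdb
# No "-" prefix, so a missing file makes the unit fail to start. The file is
# read by systemd before privileges are dropped; keep it root-owned and not
# writable by the couchdb account.
EnvironmentFile=/etc/default/couchdb
ExecStart=/usr/lib/couchdb/bin/couchdb
# The only writable path outside StateDirectory=. Everything else under
# /etc/couchdb stays read-only, so the service cannot create sibling files
# there.
# NOTE(review): presumably where CouchDB persists runtime configuration
# changes; if so it may hold admin credential hashes and should be readable
# only by couchdb - confirm ownership and mode in the package.
ReadWritePaths=/etc/couchdb/local.ini
# Restart on every exit, clean or not, after a 2 second pause.
Restart=always
RestartSec=2s

# --- Privileges ---
# Empty values clear both sets: the process holds no capabilities and cannot
# acquire any, so it cannot bind ports below 1024 or override file permissions.
AmbientCapabilities=
CapabilityBoundingSet=
# Forbid changing the execution domain via personality(2).
LockPersonality=true
# Not compatible with the use of JS
# NOTE(review): presumably the JavaScript engine needs memory that is both
# writable and executable (JIT). Re-test before enabling; leaving this off
# means W+X mappings remain possible inside the service.
#MemoryDenyWriteExecute=true
# execve() can never grant more privileges (setuid/setgid bits and file
# capabilities are ignored).
NoNewPrivileges=true

# --- Isolation from the host ---
# Private /dev with pseudo-devices only; no access to physical devices.
PrivateDevices=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
# Own user namespace: only root and the couchdb user/group are mapped, every
# other host account appears as "nobody".
PrivateUsers=true
# Deny writes to the system and hardware clocks.
ProtectClock=true
# Control group hierarchy is read-only.
ProtectControlGroups=true
# /home, /root and /run/user are inaccessible.
ProtectHome=true
# Deny changing the host name or domain name.
ProtectHostname=true
# Deny access to the kernel log ring buffer.
ProtectKernelLogs=true
# Deny loading and unloading kernel modules.
ProtectKernelModules=true
# Kernel tunables under /proc/sys and /sys are read-only.
ProtectKernelTunables=true
# Processes owned by other users are hidden in /proc.
ProtectProc=invisible
# Whole file system hierarchy is read-only except /dev, /proc, /sys and the
# paths granted by StateDirectory=, ReadWritePaths= and PrivateTmp=.
ProtectSystem=strict

# --- Kernel attack surface ---
# Allowlist of socket families; any other family is refused at socket().
# NOTE(review): AF_NETLINK is presumably needed for network interface
# enumeration - confirm before narrowing the list.
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
# Deny creating or entering any kind of namespace.
RestrictNamespaces=true
# Deny realtime scheduling policies.
RestrictRealtime=true
# Deny setting set-user-ID / set-group-ID bits on files.
RestrictSUIDSGID=true
# Only the native system call ABI is permitted, so a secondary ABI cannot be
# used to sidestep the filter below.
SystemCallArchitectures=native
# Allowlist: only the calls in systemd's @system-service group are permitted.
SystemCallFilter=@system-service
# A filtered call fails with EPERM instead of terminating the process.
SystemCallErrorNumber=EPERM

[Install]
WantedBy=multi-user.target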