mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-25 11:01:12 +00:00
34 lines
980 B
Desktop File
34 lines
980 B
Desktop File
[Unit]
|
|
Description=BookWyrm worker
|
|
After=network.target postgresql.service redis.service
|
|
|
|
[Service]
|
|
User=bookwyrm
|
|
Group=bookwyrm
|
|
WorkingDirectory=/opt/bookwyrm
|
|
ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,streams,images,suggested_users,email,connectors,lists,inbox,imports,import_triggered,broadcast,misc
|
|
StandardOutput=journal
|
|
StandardError=inherit
|
|
ProtectSystem=strict
|
|
ProtectHome=tmpfs
|
|
InaccessiblePaths=-/media -/mnt -/srv
|
|
PrivateTmp=yes
|
|
TemporaryFileSystem=/var /run /opt
|
|
PrivateUsers=true
|
|
PrivateDevices=true
|
|
BindReadOnlyPaths=/opt/bookwyrm
|
|
BindPaths=/opt/bookwyrm/images /opt/bookwyrm/static /var/run/postgresql
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=true
|
|
PrivateMounts=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
RestrictNamespaces=net
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|