blob: 4fa3e2ba968d6f3c5a4df89e6cd0b33ca170ff13 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
[Unit]
Description=Synapse Matrix homeserver
ConditionPathExists=/etc/matrix-synapse/conf.d/server_name.yaml
Documentation=file:/usr/share/doc/matrix-synapse/README.rst
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
Restart=on-failure
RestartSec=3
SELinuxContext=system_u:system_r:matrixd_t:s0
# sandboxing
ConfigurationDirectory=matrix-synapse
LockPersonality=yes
LogsDirectory=matrix-synapse
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=read-only
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=matrix-synapse
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
|
