util/systemd/streamplace.service at eli/docker-deployment-docs · stream.place/streamplace

stream.place / streamplace

Live video on the AT Protocol

streamplace / util / systemd / streamplace.service

at eli/docker-deployment-docs 53 lines 1.1 kB view raw

 1[Unit]
 2Description=Live video for the AT Protocol. Solving video for everybody forever.
 3Documentation=https://stream.place/docs
 4After=network-online.target
 5Wants=network-online.target
 6Requires=network.target
 7
 8[Service]
 9Type=exec
10ExecStart=/usr/bin/streamplace
11Restart=always
12RestartSec=3
13TimeoutStartSec=60
14TimeoutStopSec=30
15
16User=streamplace
17Group=streamplace
18
19# Environment
20Environment=SP_DATA_DIR=/var/lib/streamplace
21
22# Additional environment file for user customization
23EnvironmentFile=-/etc/streamplace/streamplace.env
24
25# Grant capability to bind to privileged ports
26AmbientCapabilities=CAP_NET_BIND_SERVICE
27CapabilityBoundingSet=CAP_NET_BIND_SERVICE
28
29# Security hardening
30NoNewPrivileges=yes
31ProtectHome=yes
32ProtectKernelTunables=yes
33ProtectKernelModules=yes
34ProtectControlGroups=yes
35RestrictRealtime=yes
36RestrictSUIDSGID=yes
37RemoveIPC=yes
38PrivateTmp=yes
39
40# Resource limits
41LimitNOFILE=65536
42LimitNPROC=4096
43
44# Logging
45StandardOutput=journal
46StandardError=journal
47SyslogIdentifier=streamplace
48
49# Working directory
50WorkingDirectory=/var/lib/streamplace
51
52[Install]
53WantedBy=multi-user.target