[Unit]
Description=PgWeb Postgres Browser
After=network.target

[Service]
Type=simple
User={{ pgweb_user }}
Group={{ pgweb_user }}
ExecStart={{ pgweb_root_dir }}/bin/pgweb \
             --listen {{ pgweb_port }} \
             --bind {{ (pgweb_src_ip | length > 0) | ternary('0.0.0.0','127.0.0.1') }} \
             --bookmarks-dir={{ pgweb_bookmarks_dir }} \
{% if not pgweb_ssh_tunnels %}
             --no-ssh \
{% endif %}
             --sessions
RuntimeDirectory=pgweb
RestartSec=30
Restart=always
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictRealtime=true
RestrictNamespaces=yes
ReadWritePaths=/run
PrivateTmp=true
MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target