dani
/
ansible-roles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ansible-roles/roles/bookstack/templates/bookstack-queue.service.j2

30 lines
773 B
Django/Jinja
Raw Blame History

[Unit]
Description=BookStack {{ bookstack_id }} Queue Worker
[Service]
User={{ bookstack_php_user }}
Group={{ bookstack_php_user }}
Restart=always
ExecStart=/bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan queue:work --sleep=3 --tries=1 --max-time=3600
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictRealtime=true
RestrictNamespaces=yes
ReadWritePaths={{ bookstack_root_dir }}
PrivateTmp=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
SystemCallErrorNumber=EPERM
LockPersonality=yes
MemoryDenyWriteExecute=yes
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink