ansible-roles/roles/lemonldap_ng/templates/llng-uwsgi.service.j2

[Unit]
Description=uWSGI server for Lemonldap::NG websso system
After=network.target

[Service]
Type=simple
RuntimeDirectory=llng-uwsgi
PIDFile=/run/llng-uwsgi/llng-uwsgi.pid
User=apache
# So we can restrict the socket to 660
Group=nginx
# So we can read /etc/lemonldap-ng/lemonldap-ng.ini
SupplementaryGroups=apache
WorkingDirectory=/usr/share/lemonldap-ng/llng-server
ExecStart=/usr/sbin/uwsgi \
             --plugin psgi \
             --psgi llng-server.psgi \
             --plugin systemd_logger \
             --logger systemd \
             --socket /run/llng-uwsgi/llng-uwsgi.sock \
             --chmod-socket=660 \
             --master \
             --workers {{ llng_workers }} \
             --max-worker-lifetime 604800 \
             --max-requests 100000 \
             --disable-logging \
             --harakiri 30 \
             --buffer-size 65535 \
             --limit-post 0 \
             --safe-pidfile /run/llng-uwsgi/llng-uwsgi.pid \
             --die-on-term
ExecReload=/usr/bin/kill -HUP $MAINPID
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit={{ llng_workers * 250 }}M
Restart=on-failure
StartLimitInterval=0
RestartSec=1

[Install]
WantedBy=multi-user.target