diff --git a/templates/etc/systemd/user/repair_daemon_fotothek.service.j2 b/templates/etc/systemd/user/repair_daemon_fotothek.service.j2 new file mode 100644 index 0000000000000000000000000000000000000000..0e6534475fe73726729b312aff91ab0de6674824 --- /dev/null +++ b/templates/etc/systemd/user/repair_daemon_fotothek.service.j2 @@ -0,0 +1,36 @@ +[Unit] +Description=Repair Tool Daemon (Fotothek) +After=network.target + +[Service] +ExecStart=/usr/bin/perl -I/usr/lib/perl5 /usr/bin/repair_daemon.pl --sourcedir=/mnt/lza_repair_fotothek/unprocessed/ --targetdir=/mnt/lza_repair_fotothek/processed/ --logdir=/mnt/lza_repair_fotothek/log/ --minwait=65 --minfileage=65 --crashmail="{{ vault_service_files.repair_daemon_fotothek.crashmail }}" --daemonname="Repair-Daemon-Fotothek" --workers 5 +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +User={{ vault_service_user }} +Group={{ vault_service_group }} +Type=simple + +### Security features +# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html +#ProtectSystem=strict +#ProtectHome=read-only +#ProtectHostname=true +#ProtectClock=true +#ProtectKernelTunables=true +#ProtectKernelModules=true +#ProtectKernelLogs=true +#ProtectControlGroups=true +#LockPersonality=true +#MemoryDenyWriteExecute=true +#RestrictRealtime=true +#RestrictSUIDSGID=true +## RemoveIPC=true +## PrivateMounts=true +## MountFlags= +## SystemCallFilter is a Whitelist!!! +#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io +#SystemCallErrorNumber=1337 + +[Install] +WantedBy=multi-user.target