From 1fe53d9d2329ba4a8b4b95607e5689c1f553a8cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Thu, 10 Nov 2022 11:56:32 +0100
Subject: [PATCH] fix: add systemd service unit for Fotothek repair service

---
 .../user/repair_daemon_fotothek.service.j2    | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 templates/etc/systemd/user/repair_daemon_fotothek.service.j2

diff --git a/templates/etc/systemd/user/repair_daemon_fotothek.service.j2 b/templates/etc/systemd/user/repair_daemon_fotothek.service.j2
new file mode 100644
index 0000000..0e65344
--- /dev/null
+++ b/templates/etc/systemd/user/repair_daemon_fotothek.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=Repair Tool Daemon (Fotothek)
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/perl -I/usr/lib/perl5 /usr/bin/repair_daemon.pl --sourcedir=/mnt/lza_repair_fotothek/unprocessed/ --targetdir=/mnt/lza_repair_fotothek/processed/ --logdir=/mnt/lza_repair_fotothek/log/ --minwait=65 --minfileage=65 --crashmail="{{ vault_service_files.repair_daemon_fotothek.crashmail }}" --daemonname="Repair-Daemon-Fotothek" --workers 5
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+User={{ vault_service_user }}
+Group={{ vault_service_group }}
+Type=simple
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#ProtectSystem=strict
+#ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target
-- 
GitLab