mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-23 03:18:59 +00:00
3e99ddfbf0
Add a commented entry to the systemd service file templates to point the user in the right direction when using syncOwnership and starting via systemd. Which is more upgrade-friendly than setting caps on the executable directly, as mentioned in the docs.
29 lines
688 B
Desktop File
29 lines
688 B
Desktop File
[Unit]
|
|
Description=Syncthing - Open Source Continuous File Synchronization for %I
|
|
Documentation=man:syncthing(1)
|
|
After=network.target
|
|
StartLimitIntervalSec=60
|
|
StartLimitBurst=4
|
|
|
|
[Service]
|
|
User=%i
|
|
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
|
|
Restart=on-failure
|
|
RestartSec=1
|
|
SuccessExitStatus=3 4
|
|
RestartForceExitStatus=3 4
|
|
|
|
# Hardening
|
|
ProtectSystem=full
|
|
PrivateTmp=true
|
|
SystemCallArchitectures=native
|
|
MemoryDenyWriteExecute=true
|
|
NoNewPrivileges=true
|
|
|
|
# Elevated permissions to sync ownership (disabled by default),
|
|
# see https://docs.syncthing.net/advanced/folder-sync-ownership
|
|
#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|