| 1 | [Unit] |
| 2 | Description=openhub git hosting service |
| 3 | After=network.target |
| 4 | |
| 5 | [Service] |
| 6 | Type=simple |
| 7 | User=openhub |
| 8 | Group=openhub |
| 9 | ExecStart=/usr/local/bin/openhub |
| 10 | Restart=on-failure |
| 11 | RestartSec=5 |
| 12 | |
| 13 | Environment=OPENHUB_BIND=127.0.0.1:3000 |
| 14 | Environment=OPENHUB_REPOS_ROOT=/srv/openhub/repos |
| 15 | Environment=OPENHUB_DB_URL=sqlite:/srv/openhub/openhub.db |
| 16 | Environment=OPENHUB_HOOK_PATH=/usr/local/bin/git-quota-hook |
| 17 | Environment=OPENHUB_GIT_HTTP_BACKEND=/usr/lib/git-core/git-http-backend |
| 18 | Environment=RUST_LOG=info |
| 19 | EnvironmentFile=-/srv/openhub/openhub.env |
| 20 | |
| 21 | # Allow binding port 22 without root |
| 22 | AmbientCapabilities=CAP_NET_BIND_SERVICE |
| 23 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
| 24 | |
| 25 | # Hardening |
| 26 | ProtectSystem=strict |
| 27 | ProtectHome=true |
| 28 | ReadWritePaths=/srv/openhub |
| 29 | PrivateTmp=true |
| 30 | |
| 31 | [Install] |
| 32 | WantedBy=multi-user.target |