diff options
| author | Joshua M. Boniface <joshua@boniface.me> | 2024-02-03 16:08:56 -0500 |
|---|---|---|
| committer | Joshua M. Boniface <joshua@boniface.me> | 2024-02-03 16:09:29 -0500 |
| commit | 9a2248e1d20ebc1826d246bf5bcb194e3499408e (patch) | |
| tree | 87fbcfa2325e85797ad68d172208a4427aa470fb /debian/conf/jellyfin.service.conf | |
| parent | Add submodule checkout tool (diff) | |
| download | jellyfin-packaging-9a2248e1d20ebc1826d246bf5bcb194e3499408e.tar.gz jellyfin-packaging-9a2248e1d20ebc1826d246bf5bcb194e3499408e.tar.bz2 jellyfin-packaging-9a2248e1d20ebc1826d246bf5bcb194e3499408e.zip | |
Add combined Debian build
Diffstat (limited to 'debian/conf/jellyfin.service.conf')
| -rw-r--r-- | debian/conf/jellyfin.service.conf | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/debian/conf/jellyfin.service.conf b/debian/conf/jellyfin.service.conf new file mode 100644 index 0000000..1f92d7d --- /dev/null +++ b/debian/conf/jellyfin.service.conf @@ -0,0 +1,55 @@ +# Jellyfin systemd configuration options + +# Use this file to override the user or environment file location. + +[Service] +# Alter the user that Jellyfin runs as +#User = jellyfin + +# Alter where environment variables are sourced from +#EnvironmentFile = /etc/default/jellyfin + +# Service hardening options +# These were added in PR #6953 to solve issue #6952, but some combination of +# them causes "restart.sh" functionality to break with the following error: +# sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the +# 'nosuid' option set or an NFS file system without root privileges? +# See issue #7503 for details on the troubleshooting that went into this. +# Since these were added for NixOS specifically and are above and beyond +# what 99% of systemd units do, they have been moved here as optional +# additional flags to set for maximum system security and can be enabled at +# the administrator's or package maintainer's discretion. +# Uncomment these only if you know what you're doing, and doing so may cause +# bugs with in-server Restart and potentially other functionality as well. +#NoNewPrivileges=true +#SystemCallArchitectures=native +#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +#RestrictNamespaces=false +#RestrictRealtime=true +#RestrictSUIDSGID=true +#ProtectControlGroups=false +#ProtectHostname=true +#ProtectKernelLogs=false +#ProtectKernelModules=false +#ProtectKernelTunables=false +#LockPersonality=true +#PrivateTmp=false +#PrivateDevices=false +#PrivateUsers=true +#RemoveIPC=true +#SystemCallFilter=~@clock +#SystemCallFilter=~@aio +#SystemCallFilter=~@chown +#SystemCallFilter=~@cpu-emulation +#SystemCallFilter=~@debug +#SystemCallFilter=~@keyring +#SystemCallFilter=~@memlock +#SystemCallFilter=~@module +#SystemCallFilter=~@mount +#SystemCallFilter=~@obsolete +#SystemCallFilter=~@privileged +#SystemCallFilter=~@raw-io +#SystemCallFilter=~@reboot +#SystemCallFilter=~@setuid +#SystemCallFilter=~@swap +#SystemCallErrorNumber=EPERM |