add initial research for rpm

1 files changed, 52 insertions, 0 deletions

diff --git a/rpm/jellyfin.service b/rpm/jellyfin.service
new file mode 100644
index 0000000..3432f16
--- /dev/null
+++ b/rpm/jellyfin.service
@@ -0,0 +1,52 @@
+[Unit]
+Description = Jellyfin Media Server
+After = network-online.target
+
+[Service]
+Type = simple
+EnvironmentFile = /etc/sysconfig/jellyfin
+User = jellyfin
+Group = jellyfin
+WorkingDirectory = /var/lib/jellyfin
+ExecStart = /usr/bin/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT} ${JELLYFIN_ADDITIONAL_OPTS}
+Restart = on-failure
+TimeoutSec = 15
+SuccessExitStatus=0 143
+
+NoNewPrivileges=true
+SystemCallArchitectures=native
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=false
+RestrictRealtime=true
+RestrictSUIDSGID=true
+#ProtectClock=true #blocks video hardware acceleration
+ProtectControlGroups=false
+ProtectHostname=true
+ProtectKernelLogs=false
+ProtectKernelModules=false
+ProtectKernelTunables=false
+LockPersonality=true
+PrivateTmp=false
+PrivateDevices=false
+PrivateUsers=true
+RemoveIPC=true
+SystemCallFilter=~@clock
+SystemCallFilter=~@aio
+SystemCallFilter=~@chown
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@keyring
+SystemCallFilter=~@memlock
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@setuid
+SystemCallFilter=~@swap
+SystemCallErrorNumber=EPERM
+
+[Install]
+WantedBy = multi-user.target
+