nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-04-29 10:10:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/calibre/data/usr/lib/systemd/system/calibre-server-freedombox.service
Sunil Mohan Adapa 1c47877f6b
calibre: Run service only if when installed 
- This avoids attempting to run the service soon after FreedomBox is installed.

Tests:

- When old freedombox.deb is installed, the service is enabled. When upgraded to
newer .deb with the changes, the service is still enabled but no start attempt
is made by systemd.

- After installation of calibre, the service is running as expected.

- On a fresh installation, calibre service is working as expected.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-10-09 22:09:00 -04:00

48 lines
2.0 KiB
Desktop File
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
[Unit]
Description=calibre Content Server
Documentation=man:calibre-server(1)
After=network.target
ConditionPathExists=/usr/bin/calibre-server
[Service]
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_SYS_BOOT CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_NICE CAP_SYS_RESOURCE
DevicePolicy=closed
Environment=HOME="/var/lib/calibre-server-freedombox"
Environment=DEFAULT_LIBRARY="/var/lib/calibre-server-freedombox/libraries/Library"
Environment=ARGS="--listen-on 127.0.0.1 --url-prefix /calibre --port 8844 --enable-local-write --disable-auth --disable-use-bonjour"
ExecStartPre=sh -e -c "files=$$(ls ${HOME}/libraries/*/metadata.db 2>/dev/null || true); [ \"x$${files}\" = \"x\" ] && (mkdir -p \"${DEFAULT_LIBRARY}\" && calibredb --with-library=\"${DEFAULT_LIBRARY}\" list_categories > /dev/null) || true"
ExecStart=sh -e -c "files=${HOME}/libraries/*/metadata.db; libraries=$$(dirname $${files}) ; exec /usr/bin/calibre-server $ARGS $${libraries}"
Restart=on-failure
ExecReload=/bin/kill -HUP $MAINPID
DynamicUser=yes
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
StateDirectory=calibre-server-freedombox
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources
SystemCallFilter=~@privileged
SystemCallErrorNumber=EPERM
Type=simple
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink