Add additional override options to service.d conf
1. Add examples of overriding the Group and WorkingDirectory; the former being important if one decides to use an alternate data/working directory. 2. Simplify the comments around the service hardening options, especially given that we've now removed the hacky restart.sh restarting method.
This commit is contained in:
Joshua M. Boniface
23
debian/conf/jellyfin.service.conf
vendored
23
debian/conf/jellyfin.service.conf
vendored
@@ -1,26 +1,23 @@
|
||||
# Jellyfin systemd configuration options
|
||||
|
||||
# Use this file to override the user or environment file location.
|
||||
# Use this file to override default systemd unit values
|
||||
|
||||
[Service]
|
||||
# Alter the user that Jellyfin runs as
|
||||
# Alter the user/group that Jellyfin runs as
|
||||
#User = jellyfin
|
||||
#Group = jellyfin
|
||||
|
||||
# Alter where environment variables are sourced from
|
||||
#EnvironmentFile = /etc/default/jellyfin
|
||||
|
||||
# Alter the working directory (useful if changing the data path)
|
||||
#WorkingDirectory = /var/lib/jellyfin
|
||||
|
||||
# Service hardening options
|
||||
# These were added in PR #6953 to solve issue #6952, but some combination of
|
||||
# them causes "restart.sh" functionality to break with the following error:
|
||||
# sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
|
||||
# 'nosuid' option set or an NFS file system without root privileges?
|
||||
# See issue #7503 for details on the troubleshooting that went into this.
|
||||
# Since these were added for NixOS specifically and are above and beyond
|
||||
# what 99% of systemd units do, they have been moved here as optional
|
||||
# additional flags to set for maximum system security and can be enabled at
|
||||
# the administrator's or package maintainer's discretion.
|
||||
# Uncomment these only if you know what you're doing, and doing so may cause
|
||||
# bugs with in-server Restart and potentially other functionality as well.
|
||||
# These optional options provide additional service hardening for Jellyfin
|
||||
# These are an ADVANCED FEATURE - if you enable these and encounter issues,
|
||||
# please disable them first and triage which if any are causing the trouble
|
||||
# before reporting any issues.
|
||||
#NoNewPrivileges=true
|
||||
#SystemCallArchitectures=native
|
||||
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
|
||||
Reference in New Issue
Block a user