modules/gitweb/files/git@.service

   1 [Unit]
   2 Description=git daemon
   3 Documentation=man:git-daemon(1)
   4
   5 [Service]
   6 ExecStart=/usr/bin/git daemon --inetd --verbose --export-all --base-path=/srv/git
   7 StandardInput=socket
   8 StandardOutput=socket
   9 StandardError=journal
  10 User=git
  11
  12 # sandboxing options, see systemd.exec(5)
  13 NoNewPrivileges=yes
  14 PrivateNetwork=yes
  15 PrivateDevices=yes
  16 PrivateTmp=yes
  17 ProtectHome=yes
  18 ReadOnlyDirectories=/
  19 SystemCallArchitectures=native
  20 RestrictRealtime=yes
  21 ProtectControlGroups=yes
  22 ProtectKernelModules=yes