WPIA git - infra.git/blob - modules/gitweb/files/gitweb.service
add: gitweb service
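# systemd unit that runs gitweb as a FastCGI server (see ExecStart below).
[Unit]
Description=git web server
Documentation=man:gitweb(1) man:gitweb.conf(5)

[Service]
ExecStart=/usr/local/bin/gitweb.cgi --fastcgi
# gitweb exits on its own every 100 requests or so and expects to be restarted
# externally. Restart=on-success only restarts after a clean exit; an unclean
# exit is not restarted, so a crash shows up as a failed unit.
Restart=on-success
# Place the socket in the bind-mounted directory that is also bind-mounted into
# the nginx container.
Environment=FCGI_SOCKET_PATH=/gitweb-socket/gitweb
# Set a UTF-8 locale.
Environment=LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
# Do not run gitweb as root.
User=git
# Let the web server connect to the socket by clearing the umask. Connecting to
# a UNIX socket needs write permission on it, so this leaves the socket (and any
# other file the service creates) world-writable: every process that can reach
# /gitweb-socket/ can talk to gitweb directly.
# NOTE(review): if the web server can share a group with this unit, a tighter
# mask such as 0007 together with a matching Group= would narrow that; confirm
# against the nginx container setup before changing.
UMask=0000

# Sandboxing options, see systemd.exec(5).
NoNewPrivileges=yes
PrivateNetwork=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
# The whole file system is read-only except the socket directory.
ReadOnlyPaths=/
ReadWritePaths=/gitweb-socket/
SystemCallArchitectures=native
# The only socket configured for this unit is the FastCGI UNIX socket, and
# PrivateNetwork= already cuts it off from the host network, so all other
# address families are denied as well.
# NOTE(review): widen this if gitweb or a git hook turns out to need another
# family.
RestrictAddressFamilies=AF_UNIX
RestrictRealtime=yes
ProtectControlGroups=yes
ProtectKernelModules=yes

[Install]
WantedBy=multi-user.target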