			Fixes #905
		
			
				
	
	
		
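# systemd unit for the Continuwuity Matrix homeserver.
# The [Service] section sandboxes the daemon: no capabilities, a read-only
# view of the file system apart from the listed writable paths, private /tmp,
# devices, IPC and user namespace, and a system-call allow-list.
[Unit]

Description=Continuwuity - Matrix homeserver
# Pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target
Documentation=https://continuwuity.org/

[Service]
# With DynamicUser=yes plus an explicit User=/Group=, systemd uses a statically
# allocated "conduwuit" account when one exists and otherwise allocates a
# transient UID/GID under that name.
# NOTE(review): the data directory is granted through ReadWritePaths= below and
# StateDirectory= is commented out, so systemd does not manage its ownership.
# Presumably the package creates a static conduwuit user that owns
# /var/lib/conduwuit; confirm, otherwise a changing UID loses access to it.
DynamicUser=yes
User=conduwuit
Group=conduwuit
# The daemon has to report readiness through sd_notify before the unit counts
# as started.
Type=notify

Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"

# %N expands to the unit name without its type suffix.
Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"

ExecStart=/usr/sbin/conduwuit

# The only paths left writable under ProtectSystem=strict.
# NOTE(review): /etc/conduwuit is writable, so a compromised server process can
# persistently rewrite its own configuration. If the server only reads the
# config, drop it from this list; confirm before tightening.
ReadWritePaths=/var/lib/conduwuit /etc/conduwuit

# Empty assignments: no ambient capabilities and an empty bounding set, so the
# process can hold no capabilities at all.
AmbientCapabilities=
CapabilityBoundingSet=

DevicePolicy=closed
LockPersonality=yes
# Refuses memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
# NOTE(review): left disabled by the author; the reason is not recorded here.
#ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
PrivateUsers=yes
PrivateIPC=yes
RemoveIPC=yes
# Only IPv4, IPv6 and Unix sockets may be created.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
# Allow-list first, then the groups subtracted from it. A filtered call fails
# with EPERM instead of terminating the process.
SystemCallFilter=@system-service @resources
SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
SystemCallErrorNumber=EPERM
#StateDirectory=conduwuit

# /run/conduwuit, created at start and removed at stop; not world-accessible.
RuntimeDirectory=conduwuit
RuntimeDirectoryMode=0750

Restart=on-failure
RestartSec=5

TimeoutStopSec=2m
TimeoutStartSec=2m

# Legacy [Service] spelling of the start rate limit; current systemd documents
# it as StartLimitIntervalSec= in [Unit]. Kept as written.
StartLimitInterval=1m
StartLimitBurst=5

[Install]
WantedBy=multi-user.target
# Alias= is an [Install] option. It was placed in [Unit], where systemd does
# not recognise it and ignores it, so the alias was never created on enable.
Alias=matrix-conduwuit.service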