Last active
September 3, 2025 01:05
-
-
Save nawan95/2e4df336c6cf70e8d9b46f9dc8c8ca1a to your computer and use it in GitHub Desktop.
Slightly modified Readeck systemd unit file from https://readeck.org/en/docs/deploy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Readeck - Open Source bookmark manager | |
| After=network.target | |
| [Service] | |
| User=readeck | |
| Group=readeck | |
| DynamicUser=true | |
| StateDirectory=readeck | |
| WorkingDirectory=/var/lib/readeck | |
| ConfigurationDirectory=readeck | |
| ExecStart=/usr/local/bin/readeck serve -config /etc/readeck/config.toml | |
| Restart=on-failure | |
| RestartSec=5 | |
| # Optional sandboxing options | |
| # ReadWritePaths=/etc/readeck /var/lib/readeck | |
| NoNewPrivileges=true | |
| PrivateDevices=yes | |
| RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK | |
| RestrictNamespaces=yes | |
| RestrictRealtime=yes | |
| DevicePolicy=closed | |
| ProtectClock=yes | |
| ProtectHostname=yes | |
| ProtectProc=invisible | |
| ProtectControlGroups=yes | |
| ProtectKernelModules=yes | |
| ProtectKernelTunables=yes | |
| LockPersonality=yes | |
| SystemCallArchitectures=native | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment