Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create listmonk-simple.service #1622

Merged
merged 5 commits into from
Dec 22, 2023
Merged

Create listmonk-simple.service #1622

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7e4a1fd
Create listmonk-simple.service
MaximilianKohler Dec 11, 2023
dd19950
fix static dir
MaximilianKohler Dec 11, 2023
b51e462
change fetch static files cmd
MaximilianKohler Dec 12, 2023
59daffe
optional user fields
MaximilianKohler Dec 12, 2023
7782f12
Environment=HOME=/usr/bin
MaximilianKohler Dec 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions listmonk-simple.service
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# A simpler version of the service template with wider compatibility for older OS's

[Unit]
Description=listmonk email service
ConditionPathExists=/etc/listmonk/config.toml
Wants=network.target
# The PostgreSQL database may not be on the same host but if it
# is listmonk should wait for it to start up.
After=postgresql.service

[Service]
Type=simple
PermissionsStartOnly=true
WorkingDirectory=/usr/bin
ExecStartPre=/usr/bin/mkdir -p "/etc/listmonk/uploads"
ExecStartPre=/usr/bin/listmonk --config /etc/listmonk/config.toml --upgrade --yes
ExecStart=/usr/bin/listmonk --config /etc/listmonk/config.toml
TimeoutStopSec=10
Restart=on-failure
RestartSec=5

# To enable a static dir, add the following
# --static-dir /etc/listmonk/static
# to the end of the ExecStart line above after creating the dir and fetching the files with:
# mkdir -p /etc/listmonk/static ; wget -O - https://github.com/knadh/listmonk/archive/master.tar.gz | tar xz -C /etc/listmonk/static --strip=2 "listmonk-master/static"

# Set user to run listmonk service as (instead of root), and folders it can write to.
# Can use "DynamicUser=" instead, if your systemd version is >= 232.
# https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser=
#User=
#StateDirectory=/etc/listmonk
#LogsDirectory=/etc/listmonk
#CacheDirectory=/etc/listmonk/cache
#Environment=HOME=/usr/bin

# Use systemd’s ability to disable security-sensitive features
# that listmonk does not explicitly need.
# NoNewPrivileges should be enabled by DynamicUser=yes but systemd-analyze
# still recommended to explicitly enable it.
NoNewPrivileges=True
# listmonk doesn’t need any capabilities as defined by the linux kernel
# see: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=
# listmonk only executes native code with no need for any other ABIs.
SystemCallArchitectures=native

# Make /home/, /root/, and /run/user/ inaccessible.
# ProtectSystem=strict and ProtectHome=read-only are implied by DynamicUser=True
# If you set ExecStartPre=/usr/bin/mkdir -p "listmonk/uploads" to a directory in /home/ or /root/ it will cause uploads to fail
# See https://github.com/knadh/listmonk/issues/843#issuecomment-1836023524
ProtectHome=True

# Make sure files created by listmonk are only readable by itself and
# others in the listmonk system group.
UMask=0027
# listmonk only needs to support the IPv4 and IPv6 address families.
RestrictAddressFamilies=AF_INET AF_INET6

[Install]
WantedBy=multi-user.target