2023-12-22 22:07:19 +08:00
|
|
|
|
# A simpler version of the service template with wider compatibility for older OS's
|
|
|
|
|
|
|
|
|
|
|
|
[Unit]
|
|
|
|
|
|
Description=listmonk email service
|
|
|
|
|
|
ConditionPathExists=/etc/listmonk/config.toml
|
|
|
|
|
|
Wants=network.target
|
|
|
|
|
|
# The PostgreSQL database may not be on the same host but if it
|
|
|
|
|
|
# is listmonk should wait for it to start up.
|
|
|
|
|
|
After=postgresql.service
|
|
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
|
Type=simple
|
|
|
|
|
|
PermissionsStartOnly=true
|
|
|
|
|
|
WorkingDirectory=/usr/bin
|
|
|
|
|
|
ExecStartPre=/usr/bin/mkdir -p "/etc/listmonk/uploads"
|
|
|
|
|
|
ExecStartPre=/usr/bin/listmonk --config /etc/listmonk/config.toml --upgrade --yes
|
|
|
|
|
|
ExecStart=/usr/bin/listmonk --config /etc/listmonk/config.toml
|
|
|
|
|
|
TimeoutStopSec=10
|
|
|
|
|
|
Restart=on-failure
|
|
|
|
|
|
RestartSec=5
|
|
|
|
|
|
|
|
|
|
|
|
# To enable a static dir, add the following
|
|
|
|
|
|
# --static-dir /etc/listmonk/static
|
|
|
|
|
|
# to the end of the ExecStart line above after creating the dir and fetching the files with:
|
|
|
|
|
|
# mkdir -p /etc/listmonk/static ; wget -O - https://github.com/knadh/listmonk/archive/master.tar.gz | tar xz -C /etc/listmonk/static --strip=2 "listmonk-master/static"
|
|
|
|
|
|
|
2024-01-10 02:11:14 +08:00
|
|
|
|
# To enable a log file that persists after restarts, replace the ExecStart= line with:
|
|
|
|
|
|
# ExecStart=/bin/bash -ce "exec /usr/bin/listmonk --config /etc/listmonk/config.toml --static-dir /etc/listmonk/static >>/etc/listmonk/listmonk.log 2>&1"
|
|
|
|
|
|
|
|
|
|
|
|
# Set user to run listmonk service as (instead of root).
|
2023-12-22 22:07:19 +08:00
|
|
|
|
# Can use "DynamicUser=" instead, if your systemd version is >= 232.
|
|
|
|
|
|
# https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser=
|
|
|
|
|
|
#User=
|
|
|
|
|
|
#StateDirectory=/etc/listmonk
|
|
|
|
|
|
#Environment=HOME=/usr/bin
|
|
|
|
|
|
|
|
|
|
|
|
# Use systemd’s ability to disable security-sensitive features
|
|
|
|
|
|
# that listmonk does not explicitly need.
|
|
|
|
|
|
# NoNewPrivileges should be enabled by DynamicUser=yes but systemd-analyze
|
|
|
|
|
|
# still recommended to explicitly enable it.
|
|
|
|
|
|
NoNewPrivileges=True
|
|
|
|
|
|
# listmonk doesn’t need any capabilities as defined by the linux kernel
|
|
|
|
|
|
# see: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
|
|
|
|
|
CapabilityBoundingSet=
|
|
|
|
|
|
# listmonk only executes native code with no need for any other ABIs.
|
|
|
|
|
|
SystemCallArchitectures=native
|
|
|
|
|
|
|
|
|
|
|
|
# Make /home/, /root/, and /run/user/ inaccessible.
|
|
|
|
|
|
# ProtectSystem=strict and ProtectHome=read-only are implied by DynamicUser=True
|
|
|
|
|
|
# If you set ExecStartPre=/usr/bin/mkdir -p "listmonk/uploads" to a directory in /home/ or /root/ it will cause uploads to fail
|
|
|
|
|
|
# See https://github.com/knadh/listmonk/issues/843#issuecomment-1836023524
|
|
|
|
|
|
ProtectHome=True
|
|
|
|
|
|
|
|
|
|
|
|
# Make sure files created by listmonk are only readable by itself and
|
|
|
|
|
|
# others in the listmonk system group.
|
|
|
|
|
|
UMask=0027
|
|
|
|
|
|
# listmonk only needs to support the IPv4 and IPv6 address families.
|
|
|
|
|
|
RestrictAddressFamilies=AF_INET AF_INET6
|
|
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
|
WantedBy=multi-user.target
|
