Skip to content

Commit

Permalink
Add additional override options to service.d conf
Browse files Browse the repository at this point in the history 
1. Add examples of overriding the Group and WorkingDirectory; the former
being important if one decides to use an alternate data/working
directory.

2. Simplify the comments around the service hardening options,
especially given that we've now removed the hacky restart.sh restarting
method.
  • Loading branch information
@joshuaboniface
joshuaboniface committed Jul 6, 2024
1 parent 7e8f016 commit c463739
Showing 1 changed file with 10 additions and 13 deletions.
23 changes: 10 additions & 13 deletions debian/conf/jellyfin.service.conf
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,23 @@
# Jellyfin systemd configuration options

# Use this file to override the user or environment file location.
# Use this file to override default systemd unit values

[Service]
# Alter the user that Jellyfin runs as
# Alter the user/group that Jellyfin runs as
#User = jellyfin
#Group = jellyfin

# Alter where environment variables are sourced from
#EnvironmentFile = /etc/default/jellyfin

# Alter the working directory (useful if changing the data path)
#WorkingDirectory = /var/lib/jellyfin

# Service hardening options
# These were added in PR #6953 to solve issue #6952, but some combination of
# them causes "restart.sh" functionality to break with the following error:
# sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
# 'nosuid' option set or an NFS file system without root privileges?
# See issue #7503 for details on the troubleshooting that went into this.
# Since these were added for NixOS specifically and are above and beyond
# what 99% of systemd units do, they have been moved here as optional
# additional flags to set for maximum system security and can be enabled at
# the administrator's or package maintainer's discretion.
# Uncomment these only if you know what you're doing, and doing so may cause
# bugs with in-server Restart and potentially other functionality as well.
# These optional options provide additional service hardening for Jellyfin
# These are an ADVANCED FEATURE - if you enable these and encounter issues,
# please disable them first and triage which if any are causing the trouble
# before reporting any issues.
#NoNewPrivileges=true
#SystemCallArchitectures=native
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
Expand Down

0 comments on commit c463739

Please sign in to comment.