Merge branch 'activitypub-likes' into 'develop'

[akkoma] / installation / pleroma.service

diff --git a/installation/pleroma.service b/installation/pleroma.service
index 84747d95297b606964861949b60346baa2e52bbb..f1ed56cb3c8dd9db857392840ae58650cf1e3cdb 100644 (file)
--- a/installation/pleroma.service
+++ b/installation/pleroma.service
@@ -6,6 +6,7 @@ After=network.target postgresql.service
 User=pleroma
 WorkingDirectory=/home/pleroma/pleroma
 Environment="HOME=/home/pleroma"
+Environment="MIX_ENV=prod"
 ExecStart=/usr/local/bin/mix phx.server
 ExecReload=/bin/kill $MAINPID
 KillMode=process
@@ -20,6 +21,8 @@ ProtectSystem=full
 PrivateDevices=false
 ; Ensures that the service process and all its children can never gain new privileges through execve().
 NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
 
 [Install]
 WantedBy=multi-user.target