closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10639 Commits
4 Branches
567 MiB
Tree: 755e946220
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '755e946220'
${ noResults }
mastodon/dist/mastodon-web.service

45 lines
1.1 KiB
Raw Normal View History

Add nginx and systemd templates (#8770) So they can be copied during installation instead of looking them up in the documentation Make default sidekiq configuration use weighted queues Remove deprecated docs directory
6 years ago
Preload libjemalloc.so for long-running Ruby (#16462) Always mark jemalloc needed if jemalloc is enabled by akihikodaki · Pull Request #4627 · ruby/ruby https://github.com/ruby/ruby/pull/4627 > Symbols exported by jemalloc is referred by the shared library but not > by the executables when building Ruby as a shared library with > jemalloc. It causes shared libraries such as the GNU C++ library > occasionally rely on the memory allocator provided by the standard C > library. Worse, the resolved symbols can later be replaced with > jemalloc, and jemalloc may see pointers from the standard C library, > which results in various failures. > e.g. https://github.com/tootsuite/mastodon/issues/15751 As a workaround, do not rely on jemalloc enablement of Ruby, and preload libjemalloc.so instead.
3 years ago
Add nginx and systemd templates (#8770) So they can be copied during installation instead of looking them up in the documentation Make default sidekiq configuration use weighted queues Remove deprecated docs directory
6 years ago
templates/systemd/mastodon: enable sandbox mode (#15937)
3 years ago
templates/systemd/mastodon: optimize SystemCallFilters (#16127)
3 years ago
Add nginx and systemd templates (#8770) So they can be copied during installation instead of looking them up in the documentation Make default sidekiq configuration use weighted queues Remove deprecated docs directory
6 years ago
 
  1. [Unit]
  2. Description=mastodon-web
  3. After=network.target
  4. 

  5. [Service]
  6. Type=simple
  7. User=mastodon
  8. WorkingDirectory=/home/mastodon/live
  9. Environment="RAILS_ENV=production"
  10. Environment="PORT=3000"
  11. Environment="LD_PRELOAD=libjemalloc.so"
  12. ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
  13. ExecReload=/bin/kill -SIGUSR1 $MAINPID
  14. TimeoutSec=15
  15. Restart=always
  16. # Capabilities
  17. CapabilityBoundingSet=
  18. # Security
  19. NoNewPrivileges=true
  20. # Sandboxing
  21. ProtectSystem=strict
  22. PrivateTmp=true
  23. PrivateDevices=true
  24. PrivateUsers=true
  25. ProtectHostname=true
  26. ProtectKernelLogs=true
  27. ProtectKernelModules=true
  28. ProtectKernelTunables=true
  29. ProtectControlGroups=true
  30. RestrictAddressFamilies=AF_INET
  31. RestrictAddressFamilies=AF_INET6
  32. RestrictAddressFamilies=AF_NETLINK
  33. RestrictAddressFamilies=AF_UNIX
  34. RestrictNamespaces=true
  35. LockPersonality=true
  36. RestrictRealtime=true
  37. RestrictSUIDSGID=true
  38. PrivateMounts=true
  39. ProtectClock=true
  40. # System Call Filtering
  41. SystemCallArchitectures=native
  42. SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @setuid @swap
  43. 

  44. [Install]
  45. WantedBy=multi-user.target