ansible-roles/roles/pgweb/templates/pgweb.service.j2

[Unit]
Description=PgWeb Postgres Browser
After=network.target

[Service]
Type=simple
User={{ pgweb_user }}
Group={{ pgweb_user }}
ExecStart={{ pgweb_root_dir }}/bin/pgweb \
             --listen {{ pgweb_port }} \
             --bind {{ (pgweb_src_ip | length > 0) | ternary('0.0.0.0','127.0.0.1') }} \
             --bookmarks-dir={{ pgweb_bookmarks_dir }} \
{% if not pgweb_ssh_tunnels %}
             --no-ssh \
{% endif %}
             --sessions
RuntimeDirectory=pgweb
RestartSec=30
Restart=always
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictRealtime=true
RestrictNamespaces=yes
ReadWritePaths=/run
PrivateTmp=true
MemoryDenyWriteExecute=yes

[Install]
WantedBy=multi-user.target
Update to 2022-02-18 16:00 2022-02-18 16:00:06 +01:00			`[Unit]`
			`Description=PgWeb Postgres Browser`
			`After=network.target`

			`[Service]`
			`Type=simple`
			`User={{ pgweb_user }}`
			`Group={{ pgweb_user }}`
			`ExecStart={{ pgweb_root_dir }}/bin/pgweb \`
			`--listen {{ pgweb_port }} \`
			`--bind {{ (pgweb_src_ip \| length > 0) \| ternary('0.0.0.0','127.0.0.1') }} \`
			`--bookmarks-dir={{ pgweb_bookmarks_dir }} \`
			`{% if not pgweb_ssh_tunnels %}`
			`--no-ssh \`
			`{% endif %}`
			`--sessions`
			`RuntimeDirectory=pgweb`
			`RestartSec=30`
			`Restart=always`
			`NoNewPrivileges=true`
			`PrivateDevices=true`
			`ProtectControlGroups=true`
			`ProtectHome=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=true`
			`ProtectSystem=strict`
			`RestrictRealtime=true`
			`RestrictNamespaces=yes`
			`ReadWritePaths=/run`
			`PrivateTmp=true`
			`MemoryDenyWriteExecute=yes`

			`[Install]`
			`WantedBy=multi-user.target`