# This file is shipped as part of the Takahe package.
# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>

[Unit]
Description=Takahe
After=postgresql.service
Wants=postgresql.service
PartOf=%N.target

[Service]
User=_%N
Group=_%N

EnvironmentFile=/etc/sysconfig/%N
ExecStart=/usr/bin/gunicorn %N.%N.wsgi:application -b "$BIND"

PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET6 AF_INET AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=@system-service

ReadWritePaths=/srv/%N/media

[Install]
WantedBy=multi-user.target