techadmin
cbdc9d6664
- #4: LXC/Container Drop-in (lxc-compat.conf) deaktiviert systemd-Hardening; Installer erkennt Container automatisch und bietet Drop-in an - #5: WorkingDirectory=/opt/pdf-ocr-hotfolder in Template-Unit ergänzt - #6: Installer bietet auf Debian 12 bei betroffenen GS-Versionen automatisch bookworm-backports Upgrade an (statt nur Warnung) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
27 lines
595 B
Desktop File
27 lines
595 B
Desktop File
[Unit]
|
|
Description=PDF OCR Hotfolder (Instance: %i)
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=pdfocr
|
|
Group=pdfocr
|
|
WorkingDirectory=/opt/pdf-ocr-hotfolder
|
|
ExecStart=/opt/pdf-ocr-hotfolder/venv/bin/python -m pdf_ocr_hotfolder --config /etc/pdf-ocr-hotfolder/%i.toml
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
KillMode=mixed
|
|
TimeoutStopSec=30
|
|
|
|
# Hardening (lockerer wegen AD-User & Datei-ACLs)
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=full
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|