added service and user/group

2026-02-24 13:52:33 +03:00 · 2026-02-24 13:52:33 +03:00 · 4252bbda0d
commit 4252bbda0d
parent 00eba43f9f
4 changed files with 67 additions and 20 deletions
--- a/.gear/livekit.service
+++ b/.gear/livekit.service
@ -0,0 +1,50 @@
+[Unit]
+Description=LiveKit Server (WebRTC SFU)
+Documentation=https://docs.livekit.io/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+
+Environment="LIVEKIT_CONFIG=/etc/livekit/livekit.yaml"
+
+#ExecStartPre=/usr/bin/test -r ${LIVEKIT_CONFIG_FILE}
+ExecStart=/usr/bin/livekit-server
+
+User=livekit
+Group=livekit
+UMask=0077
+WorkingDirectory=/var/lib/livekit
+
+Restart=on-failure
+RestartSec=2s
+TimeoutStopSec=20s
+KillMode=mixed
+
+StateDirectory=livekit
+RuntimeDirectory=livekit
+LogsDirectory=livekit
+
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectClock=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+DevicePolicy=closed
+KeyringMode=private
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target