# Jellyfin systemd configuration options

# Use this file to override default systemd unit values

[Service]
# Alter the user/group that Jellyfin runs as
#User = jellyfin
#Group = jellyfin

# Alter where environment variables are sourced from
#EnvironmentFile = /etc/default/jellyfin

# Alter the working directory (useful if changing the data path)
#WorkingDirectory = /var/lib/jellyfin

# Service hardening options
# These optional options provide additional service hardening for Jellyfin
# These are an ADVANCED FEATURE - if you enable these and encounter issues,
# please disable them first and triage which if any are causing the trouble
# before reporting any issues.
#NoNewPrivileges=true
#SystemCallArchitectures=native
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
#RestrictNamespaces=false
#RestrictRealtime=true
#RestrictSUIDSGID=true
#ProtectControlGroups=false
#ProtectHostname=true
#ProtectKernelLogs=false
#ProtectKernelModules=false
#ProtectKernelTunables=false
#LockPersonality=true
#PrivateTmp=false
#PrivateDevices=false
#PrivateUsers=true
#RemoveIPC=true
#SystemCallFilter=~@clock
#SystemCallFilter=~@aio
#SystemCallFilter=~@chown
#SystemCallFilter=~@cpu-emulation
#SystemCallFilter=~@debug
#SystemCallFilter=~@keyring
#SystemCallFilter=~@memlock
#SystemCallFilter=~@module
#SystemCallFilter=~@mount
#SystemCallFilter=~@obsolete
#SystemCallFilter=~@privileged
#SystemCallFilter=~@raw-io
#SystemCallFilter=~@reboot
#SystemCallFilter=~@setuid
#SystemCallFilter=~@swap
#SystemCallErrorNumber=EPERM