[Unit]
Description=Gitea DevOps Platform
ConditionPathExists=/etc/gitea/app.ini
StartLimitBurst=3
StartLimitIntervalSec=60
After=network.target network-online.target
Wants=network-online.target

[Service]
Type=simple
Restart=on-failure
ExecStartPre=/usr/bin/bash -c "umask '226'; /usr/bin/test -f '/etc/gitea/internal_token' || /usr/sbin/gitea generate secret INTERNAL_TOKEN > '/etc/gitea/internal_token'"
ExecStartPre=/usr/bin/bash -c "umask '226'; /usr/bin/test -f '/etc/gitea/jwt_secret' || /usr/sbin/gitea generate secret JWT_SECRET > '/etc/gitea/jwt_secret'"
ExecStartPre=/usr/bin/bash -c "umask '226'; /usr/bin/test -f '/etc/gitea/lfs_jwt_secret' || /usr/sbin/gitea generate secret LFS_JWT_SECRET > '/etc/gitea/lfs_jwt_secret'"
ExecStartPre=/usr/bin/bash -c "umask '226'; /usr/bin/test -f '/etc/gitea/secret_key' || /usr/sbin/gitea generate secret SECRET_KEY > '/etc/gitea/secret_key'"
ExecStart=/usr/sbin/gitea web --config /etc/gitea/app.ini
ExecStartPost=/usr/bin/sh -c "umask '022'; /usr/bin/pgrep --newest 'gitea' > '/run/gitea/gitea.pid'"
ExecStop=/usr/bin/rm --force '/run/gitea/gitea.pid'
User=git
Group=git
PrivateDevices=true
PrivateTmp=true
ProtectSystem=strict
ReadWriteDirectories=/etc/gitea
ReadWriteDirectories=/var/lib/gitea
ReadWriteDirectories=/var/log/gitea
RuntimeDirectory=gitea
RuntimeDirectoryMode=755
RuntimeDirectoryPreserve=yes
WorkingDirectory=/var/lib/gitea

[Install]
WantedBy=multi-user.target