[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target

[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User={{ item.name }}
Group={{ item.name }}
# The location of the .env file for configuration
EnvironmentFile=/etc/{{ item.name }}_bitwarden_rs.env
# The location of the compiled binary
ExecStart={{ item.app_folder }}/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Isolate bitwarden_rs from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory={{ item.app_folder }}
ReadWriteDirectories={{ item.app_folder }}

[Install]
WantedBy=multi-user.target