[Unit] Description=Jenkins Continuous Integration Server Requires=network.target After=network.target [Service] Type=simple NotifyAccess=main ExecStart=/usr/bin/java -Djava.awt.headless=true -Xmx512m -Djava.net.preferIPv4Stack=true -jar /usr/share/jenkins/jenkins.war --httpPort=22010 --httpListenAddress=127.0.0.1 Restart=always RestartSec=10 User=jenkins Group=jenkins Environment="JENKINS_HOME=/var/lib/jenkins" WorkingDirectory=/var/lib/jenkins LimitNOFILE=8192 LimitNPROC=256 UMask=0022 NoNewPrivileges=true ProtectSystem=true ReadOnlyPaths=/ ReadWritePaths=${' '.join(sorted(read_write_paths))} PrivateTmp=true PrivateDevices=true PrivateUsers=true ProtectHostname=true ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true ProtectControlGroups=true [Install] WantedBy=multi-user.target