diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/teddit/templates/etc/systemd/system | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/teddit/templates/etc/systemd/system')
-rw-r--r-- | roles/teddit/templates/etc/systemd/system/teddit.service.j2 | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/roles/teddit/templates/etc/systemd/system/teddit.service.j2 b/roles/teddit/templates/etc/systemd/system/teddit.service.j2 new file mode 100644 index 0000000..35e3d9d --- /dev/null +++ b/roles/teddit/templates/etc/systemd/system/teddit.service.j2 @@ -0,0 +1,36 @@ +[Unit] +Description=teddit reddit proxy +After=network.target redis@{{ teddit_redis_port }}.service +Requires=redis@{{ teddit_redis_port }}.service +AssertPathExists={{ teddit_install_dir }} + +[Service] +Type=simple +Environment="LISTEN_ADDRESS=127.0.0.1" +Environment="NODE_ENV=production" +EnvironmentFile=-/etc/sysconfig/teddit +ExecStart=/usr/bin/node app.js +WorkingDirectory={{ teddit_install_dir }} +User={{ teddit_user }} +Group={{ teddit_user }} +Restart=on-failure + +# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# for details +DevicePolicy=closed +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap + +ProtectSystem=full +ProtectHome=true + +[Install] +WantedBy=multi-user.target |