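# systemd unit template for the PsiTransfer file-sharing service.
# The {{ ... }} placeholders are substituted when the template is rendered.
[Unit]
Description=Psitransfer File Sharing
After=network.target
# Fail the start job with an error if the install directory is missing.
AssertPathExists={{ psitransfer_install_dir }}

[Service]
Type=simple
# Listen on loopback only, so the service is not directly reachable from the
# network (presumably a local reverse proxy fronts it; confirm for your setup).
Environment="PSITRANSFER_IFACE=127.0.0.1"
Environment="PSITRANSFER_PORT={{ psitransfer_port }}"
Environment=NODE_ENV=production
# Optional overrides; the leading "-" makes a missing file non-fatal.
# Variables set here take precedence over the Environment= lines above,
# including the loopback bind address. Keep the file root-owned and not
# writable by the service user, and restrict read access if it holds secrets.
EnvironmentFile=-/etc/sysconfig/psitransfer
# app.js is resolved relative to WorkingDirectory.
ExecStart=/usr/bin/node app.js
WorkingDirectory={{ psitransfer_install_dir }}
# Run as a dedicated account; the group name reuses the user name.
User={{ psitransfer_user }}
Group={{ psitransfer_user }}
Restart=on-failure

# Sandboxing.
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# for details (DevicePolicy= is described in systemd.resource-control).
# Directives unknown to an older systemd are ignored with a warning, so check
# the journal after deployment to confirm they are actually applied.

# Device access: only the standard pseudo devices (null, zero, random, ...).
DevicePolicy=closed
PrivateDevices=yes
# The process and its children can never gain privileges through execve()
# (setuid/setgid bits and file capabilities have no effect).
NoNewPrivileges=yes
# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# Socket allow-list: local, IPv4 and IPv6 sockets only.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
# Deny-list ("~" prefix): a call from any listed group terminates the process.
SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
# Permit only the native ABI so that the syscall and address-family filters
# above cannot be sidestepped through a secondary ABI (e.g. 32-bit on x86-64).
SystemCallArchitectures=native
# /usr, /boot and /etc are mounted read-only. Other paths, /var included,
# stay writable, so the upload directory must live in a writable location.
ProtectSystem=full
# /home, /root and /run/user are inaccessible to the service; the install
# and data directories must therefore not be placed below them.
ProtectHome=true

[Install]
WantedBy=multi-user.target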