AnyOSInstallBotJS/collabvm-anyosbot.service

[Unit]
Description=CollabVM AnyOS bot

Wants=collabvmts@vm7.service
#Wants=collabvm@vm8.service
After=network.target

[Service]
User=collabvm
Group=collabvm
Type=simple


WorkingDirectory=/srv/collabvm/anyos-bot-new-new
ExecStart=/bin/node index.js --max-old-space-size=1024 --use-largepages=on

# Hardening
PrivateTmp=yes
NoNewPrivileges=true
RestrictNamespaces=uts ipc pid user cgroup

# bleh
CPUQuota=50%
MemoryHigh=512M
MemoryMax=1G

ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateDevices=yes
RestrictSUIDSGID=true

# avoids funny business
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
init 2024-06-23 18:32:40 -04:00			`[Unit]`
			`Description=CollabVM AnyOS bot`

			`Wants=collabvmts@vm7.service`
			`#Wants=collabvm@vm8.service`
			`After=network.target`

			`[Service]`
			`User=collabvm`
			`Group=collabvm`
			`Type=simple`


			`WorkingDirectory=/srv/collabvm/anyos-bot-new-new`
			`ExecStart=/bin/node index.js --max-old-space-size=1024 --use-largepages=on`

			`# Hardening`
			`PrivateTmp=yes`
			`NoNewPrivileges=true`
			`RestrictNamespaces=uts ipc pid user cgroup`

			`# bleh`
			`CPUQuota=50%`
			`MemoryHigh=512M`
			`MemoryMax=1G`

			`ProtectKernelTunables=yes`
			`ProtectKernelModules=yes`
			`ProtectControlGroups=yes`
			`PrivateDevices=yes`
			`RestrictSUIDSGID=true`

			`# avoids funny business`
			`Restart=always`
			`RestartSec=10`

			`[Install]`
			`WantedBy=multi-user.target`