[Unit]
Description=CollabVM AnyOS bot

Wants=collabvmts@vm7.service
#Wants=collabvm@vm8.service
After=network.target

[Service]
User=collabvm
Group=collabvm
Type=simple


WorkingDirectory=/srv/collabvm/anyos-bot-new-new
ExecStart=/bin/node dist/index.js --max-old-space-size=1024 --use-largepages=on

# Hardening
PrivateTmp=yes
NoNewPrivileges=true
RestrictNamespaces=uts ipc pid user cgroup

# bleh
CPUQuota=50%
MemoryHigh=512M
MemoryMax=1G

ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateDevices=yes
RestrictSUIDSGID=true

# avoids funny business
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target