add example systemd service
This commit is contained in:
parent
2156c6f2b4
commit
4e771c9638
26
whitelister.service
Normal file
26
whitelister.service
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
[Unit]
|
||||
Description=Whitelister Eternal
|
||||
|
||||
[Service]
|
||||
User=whitelister
|
||||
Group=whitelister
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
Type=simple
|
||||
WorkingDirectory=/srv/whitelister
|
||||
Environment=NODE_ENV=production
|
||||
ExecStart=/usr/bin/node /srv/whitelister/dist/index.js
|
||||
MemoryMax=4G
|
||||
|
||||
# Hardening
|
||||
PrivateTmp=yes
|
||||
NoNewPrivileges=true
|
||||
RestrictNamespaces=uts ipc pid user cgroup
|
||||
ProtectKernelTunables=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectControlGroups=yes
|
||||
PrivateDevices=yes
|
||||
RestrictSUIDSGID=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in a new issue