From 4e771c9638f10827298a8979c7e47dce9822d3f0 Mon Sep 17 00:00:00 2001
From: Elijah R <elijah@computernewb.com>
Date: Fri, 26 Jul 2024 00:55:46 -0400
Subject: [PATCH] add example systemd service

---
 whitelister.service | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 whitelister.service

diff --git a/whitelister.service b/whitelister.service
new file mode 100644
index 0000000..c4bcaf5
--- /dev/null
+++ b/whitelister.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Whitelister Eternal
+
+[Service]
+User=whitelister
+Group=whitelister
+Restart=always
+RestartSec=5
+Type=simple
+WorkingDirectory=/srv/whitelister
+Environment=NODE_ENV=production
+ExecStart=/usr/bin/node /srv/whitelister/dist/index.js
+MemoryMax=4G
+
+# Hardening
+PrivateTmp=yes
+NoNewPrivileges=true
+RestrictNamespaces=uts ipc pid user cgroup
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+PrivateDevices=yes
+RestrictSUIDSGID=true
+
+[Install]
+WantedBy=multi-user.target