65 lines
1.3 KiB
Desktop File
65 lines
1.3 KiB
Desktop File
# Cashumints.space API - Systemd Service File
|
|
#
|
|
# Installation:
|
|
# sudo cp deploy/cashumints-api.service /etc/systemd/system/
|
|
# sudo systemctl daemon-reload
|
|
# sudo systemctl enable cashumints-api
|
|
# sudo systemctl start cashumints-api
|
|
#
|
|
# Management:
|
|
# sudo systemctl status cashumints-api
|
|
# sudo systemctl restart cashumints-api
|
|
# sudo journalctl -u cashumints-api -f
|
|
|
|
[Unit]
|
|
Description=Cashumints.space API Server
|
|
Documentation=https://cashumints.space/docs
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=cashumints
|
|
Group=cashumints
|
|
WorkingDirectory=/opt/cashumints-api
|
|
|
|
# Environment
|
|
Environment=NODE_ENV=production
|
|
Environment=PORT=3000
|
|
EnvironmentFile=/opt/cashumints-api/.env
|
|
|
|
# Process
|
|
ExecStart=/usr/bin/node src/index.js
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
|
|
# Restart policy
|
|
Restart=always
|
|
RestartSec=5
|
|
StartLimitInterval=60
|
|
StartLimitBurst=3
|
|
|
|
# Resource limits
|
|
LimitNOFILE=65536
|
|
LimitNPROC=4096
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ReadWritePaths=/opt/cashumints-api/data
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
RestrictSUIDSGID=true
|
|
RestrictNamespaces=true
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=cashumints-api
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|