max / makenotwork

1.2 KB · 56 lines History Blame Raw

1	# Multithreaded forum systemd service
2	# Place in /etc/systemd/system/multithreaded.service
3	#
4	# Commands:
5	# sudo systemctl daemon-reload
6	# sudo systemctl enable multithreaded
7	# sudo systemctl start multithreaded
8	# sudo systemctl status multithreaded
9	# journalctl -u multithreaded -f
10
11	[Unit]
12	Description=Multithreaded - Forum-first community software
13	After=network.target postgresql.service
14	Requires=postgresql.service
15
16	[Service]
17	Type=simple
18	User=multithreaded
19	Group=multithreaded
20	WorkingDirectory=/opt/multithreaded
21	ExecStart=/opt/multithreaded/multithreaded
22	Restart=always
23	RestartSec=5
24
25	# Environment file with secrets
26	EnvironmentFile=/opt/multithreaded/.env
27	Environment=HOME=/opt/multithreaded
28
29	# Security hardening
30	NoNewPrivileges=true
31	ProtectSystem=strict
32	ProtectHome=true
33	PrivateTmp=true
34	ReadWritePaths=/opt/multithreaded
35	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
36	RestrictNamespaces=true
37	RestrictRealtime=true
38	RestrictSUIDSGID=true
39	LockPersonality=true
40	ProtectKernelTunables=true
41	ProtectKernelModules=true
42	ProtectControlGroups=true
43	SystemCallArchitectures=native
44
45	# Resource limits
46	LimitNOFILE=65535
47	MemoryMax=512M
48
49	# Logging (goes to journald)
50	StandardOutput=journal
51	StandardError=journal
52	SyslogIdentifier=multithreaded
53
54	[Install]
55	WantedBy=multi-user.target
56