From 5cabe759336a54f0281b732c386d04097e2fd969 Mon Sep 17 00:00:00 2001
From: Arne Keller
Date: Mon, 21 Jun 2021 10:14:28 +0200
Subject: [PATCH] Systemd configuration file

---
 README.md | 4 ++++
 typicalc.service | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 typicalc.service

diff --git a/README.md b/README.md
index 8995b90..d739556 100644
--- a/README.md
+++ b/README.md
@@ -105,3 +105,7 @@ Then run the server:
 ```
 PORT=80 java -jar target/typicalc-1.0-SNAPSHOT.jar
 ```
+
+### Deploying using systemd
+
+Copy the `typicalc.service` file into your systemd configuration and enable the service.
diff --git a/typicalc.service b/typicalc.service
new file mode 100644
index 0000000..99122e2
--- /dev/null
+++ b/typicalc.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Typicalc
+After=syslog.target network.target
+
+[Service]
+# the JVM uses this exit code when stopping due to SIGTERM
+SuccessExitStatus=143
+
+User=typicalc
+Group=typicalc
+
+Type=simple
+
+WorkingDirectory=/opt
+ExecStart=/usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /opt/typicalc-1.0-SNAPSHOT.jar
+ExecStop=/bin/kill -15 $MAINPID
+
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_MODULE CAP_SYS_TIME
+RestrictNamespaces=~user
+SystemCallArchitectures=native
+LockPersonality=true
+UMask=0177
+RestrictAddressFamilies=AF_INET AF_INET6
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
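Review bot: `CapabilityBoundingSet=~CAP_SYS_ADMIN …` in `[Service]` is a denylist, so every capability it does not name (CAP_NET_ADMIN, CAP_NET_RAW, CAP_DAC_OVERRIDE, CAP_SYS_RAWIO and others) stays in the bounding set. The unit already runs as the unprivileged `typicalc` user with `NoNewPrivileges=true`, so an empty allowlist `CapabilityBoundingSet=` states the intent more tightly, assuming the service listens on an unprivileged port (the unit sets no `PORT`). Likewise `RestrictNamespaces=~user` prohibits only user namespaces, whereas `RestrictNamespaces=true` prohibits every namespace type. `UMask=0177` also clears the owner execute bit on any directory the JVM creates (for example under its private `/tmp`), which leaves that directory untraversable, so `UMask=0077` is the safer value unless 0177 was tested deliberately. Running `systemd-analyze security typicalc.service` after the change would show what remains exposed.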