Systemd configuration file

2024-11-09 10:50:42 +00:00 · 2021-06-21 10:14:28 +02:00 · 2021-06-21 10:14:28 +02:00 · 5cabe75933
commit 5cabe75933
parent 5763c6b4ee
2 changed files with 39 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -105,3 +105,7 @@ Then run the server:
 ```
 PORT=80 java -jar target/typicalc-1.0-SNAPSHOT.jar
 ```
+
+### Deploying using systemd
+
+Copy the `typicalc.service` file into your systemd configuration and enable the service.
--- a/typicalc.service
+++ b/typicalc.service
@ -0,0 +1,35 @@
+[Unit]
+Description=Typicalc
+After=syslog.target network.target
+
+[Service]
+# the JVM uses this exit code when stopping due to SIGTERM
+SuccessExitStatus=143
+
+User=typicalc
+Group=typicalc
+
+Type=simple
+
+WorkingDirectory=/opt
+ExecStart=/usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /opt/typicalc-1.0-SNAPSHOT.jar
+ExecStop=/bin/kill -15 $MAINPID
+
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_MODULE CAP_SYS_TIME
+RestrictNamespaces=~user
+SystemCallArchitectures=native
+LockPersonality=true
+UMask=0177
+RestrictAddressFamilies=AF_INET AF_INET6
+
+[Install]
+WantedBy=multi-user.target