a90b659f3a
- Add hermes-gateway.service with restart=always and security hardening - Integrate service setup into deploy.sh - Add --service flag for standalone install - Add make service target Resolves #2
41 lines
880 B
Desktop File
41 lines
880 B
Desktop File
[Unit]
|
|
Description=Hermes Gateway — The Door Crisis API
|
|
Documentation=https://forge.alexanderwhitestone.com/Timmy_Foundation/the-door
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=hermes
|
|
Group=hermes
|
|
WorkingDirectory=/opt/hermes
|
|
ExecStart=/usr/local/bin/hermes gateway --platform api_server --port 8644
|
|
Restart=always
|
|
RestartSec=5
|
|
StartLimitIntervalSec=60
|
|
StartLimitBurst=10
|
|
|
|
# Environment
|
|
Environment=API_SERVER_CORS_ORIGINS=https://alexanderwhitestone.com,https://www.alexanderwhitestone.com
|
|
Environment=HOME=/opt/hermes
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
ReadWritePaths=/opt/hermes
|
|
PrivateTmp=yes
|
|
|
|
# Resource limits for 1.9GB VPS
|
|
MemoryMax=512M
|
|
MemoryHigh=384M
|
|
CPUQuota=80%
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=hermes-gateway
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|