platform-deployments/systemd/sso-api.service

46 lines
929 B
Desktop File

[Unit]
Description=Lilith SSO API Service
Documentation=https://forge.nasty.sh/lilith/lilith-platform
After=network.target postgresql.service redis.service
Requires=network.target
Wants=postgresql.service redis.service
[Service]
Type=simple
User=lilith
Group=lilith
WorkingDirectory=/opt/sso/backend-api
# Environment
Environment=NODE_ENV=production
Environment=LILITH_ENV=staging
EnvironmentFile=-/opt/sso/.env
# Service configuration
ExecStart=/usr/bin/node dist/main.js
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=5
# Resource limits
LimitNOFILE=65536
MemoryMax=512M
CPUQuota=100%
# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ReadWritePaths=/opt/sso/logs
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=sso-api
[Install]
WantedBy=multi-user.target