46 lines
929 B
Desktop File
46 lines
929 B
Desktop File
[Unit]
|
|
Description=Lilith SSO API Service
|
|
Documentation=https://forge.nasty.sh/lilith/lilith-platform
|
|
After=network.target postgresql.service redis.service
|
|
Requires=network.target
|
|
Wants=postgresql.service redis.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=lilith
|
|
Group=lilith
|
|
WorkingDirectory=/opt/sso/backend-api
|
|
|
|
# Environment
|
|
Environment=NODE_ENV=production
|
|
Environment=LILITH_ENV=staging
|
|
EnvironmentFile=-/opt/sso/.env
|
|
|
|
# Service configuration
|
|
ExecStart=/usr/bin/node dist/main.js
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
# Resource limits
|
|
LimitNOFILE=65536
|
|
MemoryMax=512M
|
|
CPUQuota=100%
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
PrivateTmp=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
ReadWritePaths=/opt/sso/logs
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=sso-api
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|