nsatoshi
f2e0434ad6
Some checks failed
Deploy to Phoenix / deploy (push) Failing after 7s
Adds webapp-nginx.conf, systemd/currencicombo-orchestrator.service, and install-prune-cron.sh — all three referenced by main's existing install.sh / deploy script / webapp.service / README but missing from the4a1f69acommit. Byte-identical to PR #31 branchded7d24. Closes gap so CT 8604 can boot cleanly.
35 lines
871 B
Desktop File
35 lines
871 B
Desktop File
[Unit]
|
|
Description=CurrenciCombo orchestrator (Node)
|
|
Documentation=https://gitea.d-bis.org/d-bis/CurrenciCombo
|
|
After=network-online.target postgresql.service redis-server.service redis.service
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=currencicombo
|
|
Group=currencicombo
|
|
WorkingDirectory=/opt/currencicombo/orchestrator
|
|
EnvironmentFile=/etc/currencicombo/orchestrator.env
|
|
ExecStart=/usr/bin/node /opt/currencicombo/orchestrator/dist/index.js
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
TimeoutStopSec=20
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=currencicombo-orchestrator
|
|
|
|
# Hardening
|
|
NoNewPrivileges=yes
|
|
PrivateTmp=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
ReadWritePaths=/var/log/currencicombo
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictSUIDSGID=yes
|
|
LockPersonality=yes
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|