57 lines
1.2 KiB
Desktop File
57 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=QR Code Generation Server (ISO 18004)
|
|
Documentation=https://github.com/your-org/server18004
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=qrserver
|
|
Group=qrserver
|
|
|
|
# Binary location (adjust after cargo build --release)
|
|
ExecStart=/usr/local/bin/server18004 \
|
|
--config-path /etc/server18004/server.conf \
|
|
--domains-path /etc/server18004/domains.conf
|
|
|
|
# Restart policy
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
StartLimitIntervalSec=60
|
|
StartLimitBurst=5
|
|
|
|
# Environment
|
|
Environment=RUST_LOG=info
|
|
# Uncomment for debug logging:
|
|
# Environment=RUST_LOG=debug
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
RestrictSUIDSGID=true
|
|
MemoryDenyWriteExecute=true
|
|
LockPersonality=true
|
|
RestrictRealtime=true
|
|
RestrictNamespaces=true
|
|
|
|
# Allow writing to config directory (for domain persistence)
|
|
ReadWritePaths=/etc/server18004
|
|
|
|
# Resource limits
|
|
LimitNOFILE=65536
|
|
LimitNPROC=4096
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=server18004
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|