From 86be68f7377425a9ffd656b5befc888d5542566b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C4=81vis=20Mos=C4=81ns?= <davispuh@gmail.com>
Date: Sun, 28 Jan 2024 03:12:10 +0200
Subject: [PATCH] Add systemd service example

---
 bitmagnet.service | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 bitmagnet.service

diff --git a/bitmagnet.service b/bitmagnet.service
new file mode 100644
index 00000000..2187b49b
--- /dev/null
+++ b/bitmagnet.service
@@ -0,0 +1,41 @@
+[Unit]
+Description=Bitmagnet indexer and crawler
+After=network.target
+
+[Service]
+User=bitmagnet
+Group=bitmagnet
+ExecStart=/usr/bin/bitmagnet worker run --all
+Restart=on-failure
+RestartSec=15s
+UMask=0077
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=true
+PrivateUsers=true
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RemoveIPC=true
+# AF_UNIX for postgres unix socket if you use it
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+
+[Install]
+WantedBy=multi-user.target