48 lines
1.2 KiB
Desktop File
48 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=MYP Backend Service (Python 3.11)
|
|
Documentation=https://github.com/myp-project/backend
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
Before=myp-kiosk.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=myp
|
|
Group=myp
|
|
WorkingDirectory=/opt/myp/backend/app
|
|
Environment=PYTHONPATH=/opt/myp/backend/app
|
|
Environment=FLASK_ENV=production
|
|
Environment=FLASK_APP=app.py
|
|
Environment=PYTHONUNBUFFERED=1
|
|
Environment=PYTHONDONTWRITEBYTECODE=1
|
|
ExecStartPre=/bin/sleep 5
|
|
ExecStart=/opt/myp/backend/venv/bin/python3.11 app.py --host 0.0.0.0 --port 443 --cert certs/backend.crt --key certs/backend.key
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
Restart=always
|
|
RestartSec=10
|
|
TimeoutStartSec=60
|
|
TimeoutStopSec=30
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=myp-backend
|
|
|
|
# Sicherheitseinstellungen
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
ReadWritePaths=/opt/myp/backend/app/logs
|
|
ReadWritePaths=/opt/myp/backend/app/database
|
|
ReadWritePaths=/opt/myp/backend/app/uploads
|
|
|
|
# Ressourcenlimits
|
|
MemoryMax=1G
|
|
CPUQuota=80%
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target |