DECNET/deploy/decnet-web.service

[Unit]
Description=DECNET Web Dashboard Service
Documentation=https://github.com/4nt11/DECNET/wiki/Web-Dashboard
After=network-online.target decnet-api.service
Wants=network-online.target

[Service]
Type=simple
User=decnet
Group=decnet
WorkingDirectory=/opt/decnet
EnvironmentFile=-/opt/decnet/.env.local
ExecStart=/opt/decnet/venv/bin/decnet web

# Uncomment if you bind the dashboard to a privileged port (80/443):
# CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=
AmbientCapabilities=

# Security Hardening
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
ReadWritePaths=/opt/decnet /var/log/decnet
ReadOnlyPaths=/etc/decnet

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target