SYSTEMD_UNITLocal

systemd unit ジェネレータ

service、timer、socket、mount の systemd unit を生成し、リソース制限、セキュリティ hardening、配置パス、systemctl コマンドを表示します。

ユニットタイプ

ファイル名

Description

After

Requires

Wants

Conflicts

Service Type

ExecStart

ExecStartPre

ExecStartPost

ExecStop

WorkingDirectory

User

Group

Environment

EnvironmentFile

Restart

RestartSec

TimeoutStartSec

TimeoutStopSec

LimitNOFILE

LimitNPROC

MemoryMax

CPUQuota

PrivateTmpProtectSystemProtectHomeNoNewPrivileges

ReadOnlyPaths

ReadWritePaths

CapabilityBoundingSet

AmbientCapabilities

SystemCallFilter

OnCalendar

OnBootSec

OnUnitActiveSec

Persistent

ListenStream

What

Where

Type

Options

WantedBy

RequiredBy

Alias

systemd unit

[Unit]
Description=InfraLab service
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/node /opt/app/server.js
WorkingDirectory=/opt/app
User=www-data
Environment=NODE_ENV=production
Restart=on-failure
RestartSec=5s
TimeoutStartSec=30s
TimeoutStopSec=30s
LimitNOFILE=65535
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
NoNewPrivileges=yes
ReadWritePaths=/var/lib/infralab
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target

配置と有効化

sudo install -m 0644 infralab.service /etc/systemd/system/infralab.service
sudo systemctl daemon-reload
sudo systemctl enable --now infralab.service