From 2a8c4d881d7c5fb7f668b8db9d6e839ee56589a2 Mon Sep 17 00:00:00 2001
From: Yiyang Kang <kkyy@kkyy.me>
Date: Mon, 21 Nov 2022 04:11:08 +0800
Subject: [PATCH] feat: add systemd service file

---
 systemd/tgbot-misaka-5882f7.service | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 systemd/tgbot-misaka-5882f7.service

diff --git a/systemd/tgbot-misaka-5882f7.service b/systemd/tgbot-misaka-5882f7.service
new file mode 100644
index 0000000..51812d3
--- /dev/null
+++ b/systemd/tgbot-misaka-5882f7.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Telegram Bot Misaka 5882f7
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/tgbot_misaka_5882f7/bin/tgbot_misaka_5882f7
+EnvironmentFile=/usr/local/tgbot_misaka_5882f7/cfg/env
+
+Restart=on-failure
+RestartSec=5
+
+DynamicUser=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+NoNewPrivileges=yes
+PrivateTmp=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+MemoryDenyWriteExecute=yes
+CapabilityBoundingSet=
+
+[Install]
+WantedBy=multi-user.target