[Unit]
Description=YourPart Daemon Service
Documentation=https://your-part.de
After=network.target postgresql.service
Wants=postgresql.service

[Service]
Type=simple
User=yourpart
Group=yourpart
WorkingDirectory=/opt/yourpart
ExecStart=/usr/local/bin/yourpart-daemon
ExecStop=/bin/kill -TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGTERM
TimeoutStartSec=30
TimeoutStopSec=30
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=yourpart-daemon

# Sicherheitseinstellungen
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/yourpart/logs /var/log/yourpart
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true

# Umgebungsvariablen
Environment=NODE_ENV=production
Environment=PYTHONUNBUFFERED=1

# Ressourcenlimits
LimitNOFILE=65536
LimitNPROC=4096

[Install]
WantedBy=multi-user.target