config/tapedeck.service

# cp to /etc/systemd/system/
# systemctl daemon-reload
# systemctl start tapedeck
# systemctl status tapedeck
# systemctl enable tapedeck
[Unit]
Description=tapedeck daemon service
After=network.target network-online.target nss-lookup.target basic.target
Wants=network-online.target nss-lookup.target
StartLimitIntervalSec=30
StartLimitBurst=3

[Service]
Restart=on-failure
RestartSec=30
WorkingDirectory=/etc/tapedeck
ExecStart=/usr/local/tapedeck/tapedeck prod /etc/tapedeck/tapedeck.json
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65535
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
PrivateTmp=true
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target