diff --git a/update.sh b/update.sh index 8c678d2..d3198d4 100755 --- a/update.sh +++ b/update.sh @@ -8,7 +8,7 @@ function prettyPrint { } # Grab all service names -declare -a services=('androidx-release-watcher' 'caddy' 'gitea' 'horbiswalls-bot' 'mirror-bot' 'uno-bot') +declare -a services=('androidx-release-watcher' 'caddy' 'gitea' 'horbiswalls-bot' 'mirror-bot' 'uno-bot', 'walls-bot') declare -a timers=('release-watcher-recent') # Now loop through each service and install it diff --git a/walls-bot.service b/walls-bot.service new file mode 100644 index 0000000..3427bea --- /dev/null +++ b/walls-bot.service @@ -0,0 +1,26 @@ +[Unit] +Description=horbiswalls Telegram bot service +After=network.target + +[Service] +Restart=on-abort +Type=simple +User=bot +WorkingDirectory=/home/bot/walls-bot +ExecStart=/home/bot/walls-bot/gradlew run +ExecReload=/bin/kill -USR1 $MAINPID + +; Use graceful shutdown with a reasonable timeout +KillMode=mixed +KillSignal=SIGQUIT +TimeoutStopSec=5s + +; Use private /tmp and /var/tmp, which are discarded after the process stops. +PrivateTmp=true +; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.) +PrivateDevices=false +; Make /usr, /boot, /etc and possibly some more folders read-only. +ProtectSystem=full + +[Install] +WantedBy=multi-user.target