c9: Sync some security settings with caddy upstream

Signed-off-by: Harsh Shandilya <harsh@prjkt.io>

c9.service

@@ -1,13 +1,28 @@
 [Unit]
-Description=Jarvis-CI-Bot service
+Description=cloud9 local IDE
 After=network.target
 
 [Service]
+Restart=on-abort
 Type=simple
 User=msfjarvis
 WorkingDirectory=/home/msfjarvis
 ExecStart=/usr/bin/node /etc/caddy/core/server.js -p 8080 -a : -w ~/
-Restart=on-abort
+ExecReload=/bin/kill -USR1 $MAINPID
+
+; Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+; Use private /tmp and /var/tmp, which are discarded after caddy stops.
+PrivateTmp=true
+; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
+PrivateDevices=false
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target