[Unit]
Description=mkr/bin service
After=network.target

[Service]
Restart=on-abort
Type=simple
User=bot
Group=bot
Environment=BIN_MONGO_CSTRING=mongodb://localhost:27017/bin-store BIN_PORT=8080
WorkingDirectory=/home/bot/bin
ExecStart=/usr/bin/npm start
ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

# Security
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target