tractatus/systemd/tractatus-prod.service

[Unit]
Description=Tractatus AI Safety Framework (Production)
Documentation=https://tractatus.sydigital.co.nz
After=network.target mongod.service
Wants=mongod.service

[Service]
Type=simple
User=ubuntu
Group=ubuntu
WorkingDirectory=/var/www/tractatus

# Environment
Environment=NODE_ENV=production
Environment=PORT=9000
EnvironmentFile=/var/www/tractatus/.env

# Execution
ExecStart=/usr/bin/node src/server.js
Restart=always
RestartSec=10

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/www/tractatus/logs
ReadWritePaths=/var/www/tractatus/uploads

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=tractatus

# Resource limits
LimitNOFILE=65536
MemoryLimit=2G

[Install]
WantedBy=multi-user.target