# /etc/systemd/system/startos-registry.service
#
# systemd service for the StartOS registry server.
# Runs as a dedicated user, auto-restarts on failure.

[Unit]
Description=StartOS Package Registry Server
After=network.target

[Service]
Type=simple
User=registry
Group=registry
WorkingDirectory=/opt/startos-registry
ExecStart=/usr/bin/node server.js
Restart=on-failure
RestartSec=5
Environment=PORT=3030
Environment=NODE_ENV=production

# Reload packages without restart (updates registry.json + all package.json)
ExecReload=/bin/kill -HUP $MAINPID

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/opt/startos-registry
PrivateTmp=true

[Install]
WantedBy=multi-user.target