Production-Grade systemd Unit Generation

Deploying long-running applications on Linux often leads to "it works until it crashes" scenarios. This skill automates the creation of hardened, production-ready systemd service units that ensure your Python, Node.js, Go, or Rust applications stay running, restart on failure, and operate within a secure sandbox environment.

What it does

The skill generates a specialized {{APP_NAME}}-service/ package containing:

• A Hardened Unit File: Implements Restart=always, ProtectSystem=strict, and over 20 sandbox directives (NoNewPrivileges, PrivateTmp, syscall filters) to limit the blast radius of a compromised process.
• Idempotent Install Script: Automatically handles unit placement in /etc/systemd/system/, daemon-reloads, enables on boot, and starts the service.
• Management Documentation: A focused README with the exact commands needed for logs, status checks, and restarts.

Why use this skill

Prompting an AI for a "systemd file" usually results in a bare-bones template. This skill follows DevSecOps best practices by enforcing non-root execution, journald logging (no more manual log rotation), and strict filesystem allowlisting. It handles the nuances of Python virtual environments and network-restricted binaries out of the box, ensuring your VPS or Raspberry Pi remains stable and secure.

Supported Environments

Supports any Linux distribution using systemd (Ubuntu, Debian, Fedora, Raspberry Pi OS). Ideal for standalone binaries, Python venvs, Node.js apps, and uvicorn/gunicorn workers.