montana/Node/montana-node.service

[Unit]
Description=Montana Local Node (M8 cross-machine, Proof-of-Time)
Documentation=https://github.com/efir369999/Montana
After=network.target
Wants=network-online.target

[Service]
Type=simple
User=montana
Group=montana
ExecStart=/usr/local/bin/montana-node start --data-dir /var/lib/montana --listen /ip4/0.0.0.0/tcp/8444 --genesis-manifest /etc/montana/genesis-manifest.json
Restart=on-failure
RestartSec=10
StandardOutput=journal
StandardError=journal

# Hardening (per systemd security best-practice)
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/montana
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=no
SystemCallArchitectures=native

# Resource limits — узел single-thread + libp2p network thread (1 узел = ~110% CPU max)
CPUQuota=200%
LimitNOFILE=8192

[Install]
WantedBy=multi-user.target
Montana/Node/: инструкция развёртывания валидаторского узла Полная пошаговая документация (README + systemd unit + genesis-manifest) для добавления нового p2p-узла к существующей сети Montana без перегенерации genesis. Новый узел подключается к bootstrap-peers через M8, скачивает state, проходит Bootstrap → CandidateVdf → Registered → Active. Появляется в NodeTable автоматически. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-14 20:45:14 +03:00			`[Unit]`
			`Description=Montana Local Node (M8 cross-machine, Proof-of-Time)`
			`Documentation=https://github.com/efir369999/Montana`
			`After=network.target`
			`Wants=network-online.target`

			`[Service]`
			`Type=simple`
			`User=montana`
			`Group=montana`
			`ExecStart=/usr/local/bin/montana-node start --data-dir /var/lib/montana --listen /ip4/0.0.0.0/tcp/8444 --genesis-manifest /etc/montana/genesis-manifest.json`
			`Restart=on-failure`
			`RestartSec=10`
			`StandardOutput=journal`
			`StandardError=journal`

			`# Hardening (per systemd security best-practice)`
			`NoNewPrivileges=yes`
			`PrivateTmp=yes`
			`ProtectSystem=strict`
			`ProtectHome=yes`
			`ReadWritePaths=/var/lib/montana`
			`ProtectKernelTunables=yes`
			`ProtectKernelModules=yes`
			`ProtectControlGroups=yes`
			`RestrictRealtime=yes`
			`RestrictSUIDSGID=yes`
			`LockPersonality=yes`
			`MemoryDenyWriteExecute=no`
			`SystemCallArchitectures=native`

			`# Resource limits — узел single-thread + libp2p network thread (1 узел = ~110% CPU max)`
			`CPUQuota=200%`
			`LimitNOFILE=8192`

			`[Install]`
			`WantedBy=multi-user.target`