Add template systemd unit

Closes: #36

README.md

@@ -67,6 +67,7 @@ Agnos leverages let's encrypt capability to follow DNS `NS` records. It requires
         1. [Certificates](#certificates)
     1. [Configuration of your DNS provider](#configuration-of-your-dns-provider)
     1. [Running agnos](#running-agnos)
+    1. [Systemd units](#systemd-units)
 1. [Developers](#developers)
 
 <!-- /TOC -->
@@ -220,6 +221,10 @@ _acme-challenge.another.examp.le    NS      agnos-ns.doma.in
 
 When running, it checks whether the certificates of the full chain are going to expire in the next 30 days, and only renew them in that case, so it is suitable to be used in a cron job.
 
+## Systemd units
+
+A systemd unit and timers are provided in the `systemd` folder of this repo.
+
 # Developers
 
 PRs and issues are very welcome.

systemd/agnos.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Agnos, obtain ACME/Let's encrypt certificates using DNS-01
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=agnos /etc/agnos/config.toml --no-staging
+
+# Hardening
+ProtectSystem=true
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+NoNewPrivileges=true
+
+# Reload webserver after agnos has run
+# ExecStartPost=systemctl restart nginx
+

systemd/agnos.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Check ACME/Let's encrypt certificates daily and renew them if necessary
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+AccuracySec=1h
+
+[Install]
+WantedBy=timers.target