node preparation basic script

Signed-off-by: Uncle Stinky <uncle.stinky@ghostchain.io>

scripts/packaging/template.service

@@ -0,0 +1,38 @@
+[Unit]
+Description=Ghost Node
+After=network.target
+Documentation=https://git.ghostchain.io/ghostchain/ghost-node
+
+[Service]
+EnvironmentFile=-/etc/default/ghost
+ExecStart=/usr/bin/ghost $GHOST_CLI_ARGS
+User=ghost
+Group=ghost
+Restart=always
+RestartSec=30
+TODO CapabilityBoundingSet=
+LockPersonality=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+TODO ProtectSystem=strict
+RemoveIPC=true
+TODO RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
+gRestrictNamespaces=false
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=landlock_add_rule landlock_create_ruleset landlock_restrict_self seccomp mount umount2
+SystemCallFilter=~@clock @module @reboot @swap @privileged
+SystemCallFilter=pivot_root
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target