1[Unit] 2 3Description=${SERVICE_NAME} 4After=syslog.target 5After=network.target 6 7[Service] 8 9Type=simple 10User=${SERVICE_USER} 11Group=${SERVICE_GROUP} 12WorkingDirectory=${SERVICE_HOME} 13ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}' 14 15Restart=always 16Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} 17 18# Some distributions may not support these hardening directives. If you cannot 19# start the service due to an unknown option, comment out the ones not supported 20# by your version of systemd. 21 22ProtectSystem=full 23PrivateDevices=yes 24PrivateTmp=yes 25NoNewPrivileges=true 26 27[Install] 28 29WantedBy=multi-user.target 30