[Unit]

Description=${SERVICE_NAME}
After=syslog.target
After=network.target

[Service]

Type=simple
User=${SERVICE_USER}
Group=${SERVICE_GROUP}
WorkingDirectory=${SERVICE_HOME}
ExecStart=${SERVICE_HOME}/go-apps/bin/filtron -api '${FILTRON_API}' -listen '${FILTRON_LISTEN}' -rules '${FILTRON_RULES}' -target '${FILTRON_TARGET}'

Restart=always
Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME}

# Some distributions may not support these hardening directives.  If you cannot
# start the service due to an unknown option, comment out the ones not supported
# by your version of systemd.

ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true

[Install]

WantedBy=multi-user.target