[Unit]
Description=Enpls Proxy EnginE Utility Service 
After=network.target

[Service]
Type=simple
; User=epee
; Group=epee
WorkingDirectory=/etc/epee/
ExecStart=/usr/bin/epee-service

NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=true
RestrictNamespaces=true
PrivateTmp=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true
LockPersonality=true
RestrictSUIDSGID=true
RemoveIPC=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallArchitectures=native
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target