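# /usr/lib/systemd/system/plakken.service
#
# Hardened unit for the plakken paste server. Everything in [Service] after
# EnvironmentFile= is sandboxing. The service runs as an unprivileged user
# with an empty capability bounding set, so it must listen on a port >= 1024
# (or be handed its socket by a .socket unit).

[Unit]
Description=A paste server
# network.target suffices for a listener that binds a wildcard address; a
# bind to one specific configured address would want network-online.target.
After=network.target

[Service]
Type=simple
User=plakken
ExecStart=/usr/bin/plakken
# Read by the service manager before the sandbox is set up, so the file does
# not need to be visible from inside the unit.
EnvironmentFile=/etc/plakken/env
# Come back after a crash, including a SIGSYS kill by the seccomp filter below.
Restart=on-failure

# --- Filesystem ---
# strict: the whole tree is read-only except /dev, /proc, /sys and the
# private /tmp. If the server persists pastes on disk it needs an explicit
# writable location, e.g. StateDirectory=plakken (systemd creates and owns
# /var/lib/plakken) — confirm against the binary's storage settings.
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
# 177 yields 0600 files, but also strips the x bit from any directory the
# service creates (a 0600 directory cannot be traversed). Use 077 instead if
# the server mkdirs its own storage.
UMask=177
ProtectProc=invisible
ProcSubset=pid

# --- Privileges and namespaces ---
NoNewPrivileges=yes
# Empty bounding set: no capabilities at all, hence no privileged ports.
CapabilityBoundingSet=
PrivateUsers=true
RestrictNamespaces=true
RestrictSUIDSGID=true
RestrictRealtime=true
LockPersonality=true
RemoveIPC=true
# Blocks writable+executable mappings; breaks JIT runtimes, fine for a
# natively compiled binary — confirm what /usr/bin/plakken is built with.
MemoryDenyWriteExecute=true

# --- Kernel surface ---
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true

# --- Network ---
# One explicit allow-list. The former deny-list entries "~AF_(INET|INET6)" and
# "~…" were row labels copied from the systemd-analyze security checklist, not
# address family names: systemd cannot parse them and would only log a warning,
# and actually denying the INET families would stop a network listener from
# binding at all. AF_UNIX, AF_NETLINK and AF_PACKET remain blocked as before.
# Add AF_UNIX only if the server talks to a local socket (e.g. a database) —
# confirm against the binary.
RestrictAddressFamilies=AF_INET AF_INET6

# --- System calls ---
# Single deny-list line: repeated assignments of the same polarity merge, but
# mixing ~ and non-~ forms is reconciled in non-obvious ways, so keep one form.
# Without SystemCallErrorNumber= a filtered call terminates the process (SIGSYS),
# which is where the Restart= above comes in.
SystemCallArchitectures=native
SystemCallFilter=~@reboot @obsolete @mount @module @debug @cpu-emulation @clock @swap @privileged

[Install]
WantedBy=multi-user.target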