Newer
Older
[Unit]
Description=User Private Key Store
After=network.target
[Service]
User=keystored
Group=keystored
EnvironmentFile=-/etc/default/keystored
ExecStart=/usr/bin/keystored --addr $ADDR
Restart=always
# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target