[Unit]
Description=The Arsse newsfeed fetching service
Documentation=https://thearsse.com/manual/
PartOf=arsse.service

[Install]
WantedBy=multi-user.target

[Service]
User=arsse
Group=arsse
Type=simple
WorkingDirectory=/usr/share/arsse
ExecStart=/usr/bin/arsse daemon

ProtectProc=invisible
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
StateDirectory=arsse
ConfigurationDirectory=arsse
PrivateTmp=true
PrivateDevices=true
RestrictSUIDSGID=true
StandardOutput=journal
StandardError=journal
SyslogIdentifier=arsse
Restart=on-failure
RestartPreventStatus=

# These directives can be used for extra security, but are disabled for now for compatibility

#ReadOnlyPaths=/
#ReadWriePaths=/var/lib/arsse
#NoExecPaths=/
#ExecPaths=/usr/bin/php