[Unit]
Description=Favoritter - Self-hosted favorites web app
After=network.target

[Service]
Type=simple
User=favoritter
Group=favoritter
EnvironmentFile=/etc/favoritter/favoritter.env
ExecStart=/usr/bin/favoritter
Restart=on-failure
RestartSec=5

# Hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/favoritter
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes

[Install]
WantedBy=multi-user.target