File matrix-sliding-sync.service of Package matrix-sliding-sync

[Unit]
Description=Matrix Sliding Sync Service

[Service]
Type=exec
User=_matrix-sliding-sync
WorkingDirectory=/var/lib/matrix-sliding-sync
EnvironmentFile=/etc/matrix-sliding-sync/config
ExecStart=/usr/sbin/sliding-sync-proxy
Restart=on-failure
RestartSec=30s

# Optional hardening to improve security
ReadWritePaths=/var/lib/matrix-sliding-sync
NoNewPrivileges=yes
MemoryDenyWriteExecute=true
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictRealtime=true
LockPersonality=true
ProtectKernelTunables=true
ProtectKernelModules=true
PrivateUsers=true
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target