File webhook.service of Package webhook

[Unit]
Description=webhook
Documentation=https://github.com/adnanh/webhook
Wants=network.target
After=network.target

ConditionDirectoryNotEmpty=/etc/%N

[Service]
User=%N
Group=%N

EnvironmentFile=/etc/sysconfig/%N
ExecStart=/usr/bin/%N $ARGS

Restart=on-failure
RestartSec=1
StartLimitBurst=3

AmbientCapabilities=
CapabilityBoundingSet=
KeyringMode=private
LockPersonality=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
MountFlags=private
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native

# filter covers webhook service execution and execution of shell hook scripts including pipes
SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @signal madvise setrlimit uname @process ioctl sysinfo fadvise64

[Install]
WantedBy=multi-user.target