tcpaste/contrib/systemd/tcp-erased.service.in

[Unit]
Description=TCPaste erased
Wants=network-online.target
After=network.target network-online.target

[Service]
User=unsha
Group=http
Type=simple
WorkingDirectory=@path@
ExecStart=@bindir@/@erased_target@ @addrs_erased@
Restart=always
RestartSec=60s
CapabilityBoundingSet=
NoNewPrivileges=True
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=@path@
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

[Install]
WantedBy=multi-user.target