[Unit]
Description=Redundant shortcut-based meta search engine
After=network.target
Wants=network-online.target

[Service]
Environment=XDG_DATA_HOME=/var/lib RUST_LOG=info
ExecStart=/usr/bin/fastbangs-rs /etc/fastbangs-rs.yaml
Restart=on-failure
RestartSec=10s
Type=simple
User=fastbangs

AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=true
PrivateTmp=true
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=true
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=~AF_PACKET AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target