[Unit]
Description=Lokinet: Anonymous Network layer thingydoo
Wants=network-online.target
After=network-online.target
Wants=lokinet-default-config.service
After=lokinet-default-config.service
Requires=modprobe@tun.service
After=modprobe@tun.service

[Service]
Type=notify
WatchdogSec=30s
User=_lokinet
SyslogIdentifier=lokinet
WorkingDirectory=/var/lib/lokinet
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/lokinet /var/lib/lokinet/lokinet.ini
Restart=always
RestartSec=5s

# Hardening
ReadWritePaths=/var/lib/lokinet

[Install]
WantedBy=multi-user.target