##########################################################################
# whois42d example service file
##########################################################################

[Unit]
Description=Whois dn42 daemon
After=network.target

[Install]
WantedBy=multi-user.target

[Service]

# running as an unprivileged user requires the whois42d binary
# to be installed with additional capabilities for port 43 binding
#
# setcap 'cap_net_bind_service=+ep' ./whois42d
#
User=whoisd
Group=whoisd

Type=simple
Restart=on-failure

# service hardening
ProtectSystem=strict
ReadOnlyPaths=/home/whoisd/registry
NoNewPrivileges=yes
ProtectControlGroups=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
MemoryDenyWriteExecute=yes

# exec func
ExecStart=/usr/local/bin/whois42d \
     -registry /home/whoisd/registry

##########################################################################
# end of file