packages/arch/overseer.service

[Unit]
Description=Overseer family information system
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=overseer
Group=overseer
ExecStart=/usr/bin/overseer \
    --config /etc/overseer.yaml \
    --template-dir /usr/share/overseer/modules \
    --static-dir /usr/share/overseer/static
WorkingDirectory=/var/lib/overseer
RuntimeDirectory=overseer
RuntimeDirectoryMode=0755
Restart=on-failure
RestartSec=5

# Hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/overseer
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
LockPersonality=true
RestrictRealtime=true

[Install]
WantedBy=multi-user.target