[Unit]
Description=Clash Service
After=network.target nss-lookup.target

[Service]
User=clash
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/bin/clash -d /etc/clash/ -f /etc/clash/%i.yaml
Restart=on-abort
StandardOutput=file:/var/log/clash/%i.log

[Install]
WantedBy=multi-user.target