# systemd service unit for easyepg-lite-git, run as a sandboxed, unprivileged
# long-lived service. Comments are full-line only; systemd does not support
# trailing comments on value lines.

[Unit]
Description=XMLTV grabber tool using Gracenote's TMS API
# Ordering only: network.target does not guarantee that the network is
# configured or reachable when the service starts.
After=network.target

[Service]
# --- Execution and identity ---
ExecStart=/usr/bin/easyepg-lite-git
# A transient UID/GID is allocated at start and released at stop; User= gives
# that dynamic account its name.
DynamicUser=yes
User=easyepg-lite-git
# Files the service creates are readable by their owner only.
UMask=077

# --- Persistent state ---
# The state directory is created under the state root (%S, /var/lib for system
# units) and is the only persistent writable location granted by this unit.
StateDirectory=easyepg-lite-git
StateDirectoryMode=0700
WorkingDirectory=%S/easyepg-lite-git

# --- Privileges ---
# Empty assignment: the capability bounding set is cleared, so the process can
# hold no capabilities (e.g. it cannot bind ports below 1024).
CapabilityBoundingSet=
NoNewPrivileges=yes
RestrictSUIDSGID=yes
# Runs in its own user namespace; host users other than root and the service
# user are mapped to "nobody".
PrivateUsers=yes

# --- Filesystem view ---
# Whole file system hierarchy is read-only except /dev, /proc and /sys, plus
# the directories granted above.
ProtectSystem=strict
# /home, /root and /run/user appear empty and inaccessible.
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
PrivateMounts=yes
# Processes of other users are hidden in /proc, and only the per-process
# subset of /proc is exposed.
ProtectProc=invisible
ProcSubset=pid

# --- Kernel and host interfaces ---
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
# Forbids memory mappings that are both writable and executable.
# NOTE(review): runtimes that generate code at run time (JIT, some FFI
# trampolines) fail under this setting - confirm the program starts cleanly.
MemoryDenyWriteExecute=yes
RemoveIPC=yes

# --- Network ---
# Allow-list of socket families: only IPv4 and IPv6 sockets can be created.
# AF_UNIX and AF_NETLINK are therefore refused.
# NOTE(review): if the program or its resolver needs local sockets, extend
# this list explicitly rather than removing the restriction.
RestrictAddressFamilies=AF_INET6 AF_INET

# --- System calls ---
SystemCallArchitectures=native
# Order matters: the first line makes this an allow-list, and the following
# "~" lines remove groups from it. Keep the allow-list line first.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources

[Install]
WantedBy=multi-user.target