[Unit]
Description=Run a sliding sync proxy for the matrix protocol
Wants=network-online.target
After=network-online.target

[Service]
EnvironmentFile=/etc/matrix-sliding-sync.conf
ExecStart=/usr/bin/syncv3
User=slidingsync
Group=slidingsync
DynamicUser=true
PrivateUsers=true
ProtectHome=true
ProtectSystem=strict
SystemCallFilter=@system-service
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
RestrictSUIDSGID=true
KeyringMode=private
ProtectClock=true
RestrictRealtime=true
PrivateDevices=true
PrivateTmp=true
ProtectHostname=true
ProtectProc=noaccess
ProcSubset=pid
LockPersonality=true

[Install]
WantedBy=multi-user.target