[Unit]
Description=Matrix-Telegram hybrid puppeting/relaybot bridge

[Service]
ExecStart=python -m mautrix_telegram -b /usr/share/mautrix-telegram/example-config.yaml -c /etc/mautrix-telegram/config.yaml -r /etc/mautrix-telegram/registration.yaml
Restart=on-failure
User=mautrix-telegram
WorkingDirectory=~

ReadWritePaths=/var/lib/mautrix-telegram

NoNewPrivileges=yes
MemoryDenyWriteExecute=true
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictRealtime=true
LockPersonality=true
ProtectKernelLogs=true
ProtectKernelTunables=true
ProtectHostname=true
ProtectKernelModules=true
ProtectClock=true
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target