[Unit]
Description=Morty instance
After=network.target

[Service]
Type=simple
User=nobody
PrivateTmp=true
PrivateDevices=true
# Prevent access to /home, /root, and /run/user
ProtectHome=true
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
ExecStart=/usr/bin/morty -listen 127.0.0.1:3000 -key ultrasecretkey
Restart=on-failure
RestartSec=1

[Install]
WantedBy=multi-user.target