[Unit]
Description=leguichet-out daemon
After=network.target

[Service]
Type=simple
User=leguichet-out
Group=leguichet-out
EnvironmentFile=/etc/default/leguichet-out
ExecStart=/usr/bin/leguichet-out -o ${GUICHETOUT} -d ${DIODEOUT} -l ${LOG}
Restart=always
SystemCallFilter=~ptrace
PrivateDevices=yes
ProtectSystem=full
InaccessiblePaths=/proc
RemoveIPC=true
RestrictSUIDSGID=true
ProtectKernelModules=true

[Install]
WantedBy=multi-user.target