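# systemd service unit: one-shot job that runs build-feed.sh to create the
# newsletter feed. Hardening directives live under "# Security" below.
# systemd ignores any directive whose name it does not recognise (it only logs
# "Unknown key name ... ignoring"), so a misspelled hardening option is silently
# dropped; run `systemd-analyze verify` on the unit after editing it.

[Unit]
Description=Create newsletter feed
# Order after (and pull in) network-online.target so the job runs with a
# configured network.
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
WorkingDirectory=/home/n2w/n2w
ExecStart=/home/n2w/build-feed.sh
User=n2w

# Security
PrivateTmp=yes
PrivateDevices=yes
# strict: the whole file system hierarchy is read-only except /dev, /proc, /sys
# (and the private /tmp from PrivateTmp=). NOTE(review): if build-feed.sh writes
# under /home/n2w (e.g. the generated feed), that path must be listed in
# ReadWritePaths= or the job fails with EROFS — confirm against the script.
ProtectSystem=strict
SystemCallFilter=@system-service
#SystemCallFilter=@basic-io @file-system @network-io mprotect
# Empty assignment resets the bounding set: the job keeps no capabilities.
CapabilityBoundingSet=
NoNewPrivileges=yes
ProtectProc=invisible
RemoveIPC=yes
# Only IPv4/IPv6 sockets may be created; AF_UNIX is excluded as well, so any
# local-socket use by the script would fail under this list.
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
PrivateUsers=yes
# ProtectHostname and ProcSubset=pid cannot go together
# see: https://github.com/systemd/systemd/pull/22203
# This is fixed in systemd v251
#ProtectHostname=yes
ProtectClock=yes
# Was previously misspelled "ProtectKernalTunables"; systemd treated it as an
# unknown key and the protection (read-only /proc/sys, /sys, ...) was never applied.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
ProcSubset=pid
# Files created by the job are owner-only (0600 / 0700).
UMask=0077
SystemCallArchitectures=native
RestrictSUIDSGID=yes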