[Unit]
Description=HVPN node service

[Service]
Type=exec
User=hvpnnode
Group=hvpn
ExecStart=/opt/hvpn-node/hvpn-node
AmbientCapabilities=CAP_NET_ADMIN
RemainAfterExit=true
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full 
PrivateDevices=true
ProtectKernelTunables=true

#Nice=19
#IOSchedulingClass=idle
#IOSchedulingPriority=7
#PrivateDevices=true
#PrivateNetwork=true