[Unit]
Description=OONI Test heper
Documentation=https://ooni.org/
After=network.target tor.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/oohelperd
TimeoutStopSec=5
KillMode=mixed

User=oohelperd
PermissionsStartOnly=true
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/var/lib/oohelperd
RuntimeDirectory=oohelperd
StateDirectory=oohelperd
LogsDirectory=oohelperd
ConfigurationDirectory=oohelperd

# Sandboxing
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/oohelperd
ReadWriteDirectories=-/var/run
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target