[Unit]
Description=Redis service for scrumblr app.
After=network.target

[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/
ExecStart=/usr/bin/redis-server __INSTALL_DIR__/redis.conf 
ExecStop=/bin/kill -s TERM $MAINPID
PIDFile=__INSTALL_DIR__/redis-server-__PORT_REDIS__.pid
TimeoutStopSec=0
Restart=always

UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
#ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/__APP__
ReadWriteDirectories=-/var/log/__APP__
ReadWriteDirectories=-__INSTALL_DIR__

NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=multi-user.target