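# systemd unit for bitcoind, run as the unprivileged account "asb" with
# sandboxing applied in the "Hardening measures" block below.
# Comments sit on their own lines: systemd has no inline comments, and text
# after a value becomes part of that value.

[Unit]
Description=bitcoind

# Start only once the network is reported as up; see
# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
After=network-online.target
Wants=network-online.target

# On failure, start the notification template unit with this unit's full
# name (%n) as its instance. That template is not defined in this file.
OnFailure=unit-status-email@%n.service

[Service]
# Binary, configuration file and data directory all live under
# /var/external/asb/bitcoin.
# NOTE(review): ProtectSystem=full does not cover /var, so this whole tree
# keeps its normal file permissions. If the asb account can write to bin/ or
# conf/, a compromised daemon could alter its own binary or configuration.
# Verify that those two directories are owned by root and not writable by asb.
ExecStart=/var/external/asb/bitcoin/bin/bitcoind -conf=/var/external/asb/bitcoin/conf/bitcoin-testnet-default.conf -datadir=/var/external/asb/bitcoin --logtimestamps=0

# Restart after an unclean exit, but not after a clean stop.
Restart=on-failure

# Allow up to 600 seconds for shutdown before systemd escalates to a
# forced kill.
TimeoutStopSec=600

# Run as a dedicated unprivileged user and group.
User=asb
Group=asb

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
# /var stays writable, which the data directory above relies on.
ProtectSystem=full

# Deny access to /home, /root and /run/user
ProtectHome=true

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

# Permit only the native system call ABI. systemd's documentation recommends
# pairing this with MemoryDenyWriteExecute=, because on multi-ABI systems
# (for example x86 and x86-64) the alternative ABI could otherwise be used to
# get around that restriction.
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target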