| Current Path : /usr/lib/systemd/system/ |
| Current File : //usr/lib/systemd/system/worf-agent.service |
[Unit] Description=Worf Agent - Dynamic IP blocklist manager After=network-online.target redis.service Wants=network-online.target [Service] Type=simple ExecStart=/usr/local/bin/worf-agent --config /etc/worf-agent.conf ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=5 # Security hardening NoNewPrivileges=yes ProtectSystem=strict ProtectHome=yes PrivateTmp=yes ReadWritePaths=/var/run/worf-agent /etc/nftables-dynamic.conf # nft needs CAP_NET_ADMIN AmbientCapabilities=CAP_NET_ADMIN CapabilityBoundingSet=CAP_NET_ADMIN Environment=RUST_LOG=info [Install] WantedBy=multi-user.target