[Unit]
Description=fpark
After=network.target

[Service]
WorkingDirectory=/var/www/fpark
User=fpark
ExecStart=/var/www/fpark/fpark start -c fpark.config.json
Restart=always
ProtectControlGroups=true
ProtectHostname=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
LockPersonality=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target