Update matterbridge.service to 1.24.1-1

The matterbridge.service comes from the Parabola x86_64 matterbridge
1.24.1-1 package and this time it works without any changes.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

1 files changed, 10 insertions, 7 deletions

diff --git a/matterbridge.service b/matterbridge.service
index 4925cc2..34dacd0 100644
--- a/matterbridge.service
+++ b/matterbridge.service
@@ -1,11 +1,15 @@
 [Unit]
 Description=Multi-protocols bridge for online communications
-After=network.target
+After=network-online.target
 
 [Service]
 User=matterbridge
 DynamicUser=yes
-ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml
+StateDirectory=matterbridge
+ExecStartPre=+/usr/bin/install --owner=matterbridge --mode=400 -T /etc/matterbridge.toml %S/matterbridge/matterbridge.toml
+ExecStart=/usr/bin/matterbridge -conf %S/matterbridge/matterbridge.toml
+Restart=on-failure
+RestartSec=5s
 Type=simple
 CapabilityBoundingSet=
 AmbientCapabilities=
@@ -17,19 +21,18 @@ PrivateTmp=true
 PrivateDevices=true
 PrivateNetwork=false
 PrivateUsers=true
-# ProtectHostname=true
-# ProtectClock=true
+ProtectHostname=true
+ProtectClock=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
-# ProtectKernelLogs=true
+ProtectKernelLogs=true
 ProtectControlGroups=true
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=true
-MemoryDenyWriteExecute=true
 LockPersonality=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
-# SystemCallFilter=@system-service
+SystemCallFilter=@system-service
 SystemCallArchitectures=native
 
 [Install]