[Unit]
Description=Firo (ZCoin) daemon
After=network.target

[Service]
ExecStart=/usr/bin/zcoind -daemon -conf=/home/zcoin/.zcoin/zcoin.conf -pid=/run/zcoind/zcoind.pid
# Creates /run/zcoind owned by zcoin
RuntimeDirectory=zcoind
User=zcoin
Type=forking
PIDFile=/run/zcoind/zcoind.pid
Restart=on-failure

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
Alias=firo.service zcoin.service zcoind.service