[Unit]
Description=Imunify Agent HTTP Proxy
After=network.target imunify-agent-proxy.socket
Requires=imunify-agent-proxy.socket
# Links lifecycle: stopping/restarting the socket also stops/restarts the service
PartOf=imunify-agent-proxy.socket

[Service]
Type=notify
ExecStart=/usr/bin/imunify-agent-proxy
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal
# Ensures the process is cleaned up even on older systemd versions
KillMode=mixed
NoNewPrivileges=true
# Pure userspace HTTP-to-UNIX-socket proxy: no exec, no chown, no
# setuid. Port 11234 is unprivileged, the listening socket is passed
# in via systemd socket activation.
CapabilityBoundingSet=
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

[Install]
WantedBy=multi-user.target