[Unit]
Description=Albatross VMM daemon (albatrossd)
Requires=albatross_console.service albatross_log.service albatross_stat.service
After=syslog.target albatross_console.service albatross_log.service albatross_stat.service
[Service]
Type=simple

# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
#  create tap interfaces should be fine!
#Environment=albatross_daemon_user=root
#User=${albatross_daemon_user}
User=root

WorkingDirectory=/

#ExecStartPre=id # the fbsd scripts do something here, not sure what
ExecStart=/usr/local/sbin/albatrossd.exe --tmpdir="%t/albatross/" -vv
#--dbdir (defaults to /run/albatross)

RuntimeDirectoryPreserve=yes
RuntimeDirectory=albatross albatross/fifo albatross/util
PIDFile=/%t/albatross/daemon.pid

## hardening stuff
ProtectSystem=full
ProtectHome=true
UMask=0077
OOMScoreAdjust=-1000
#AppArmorProfile=
#SmackProcessLabel=albatross_vmm
IgnoreSIGPIPE=true
#SystemCallFilter=~reboot
#SystemCallFilter=
RestrictAddressFamilies=AF_UNIX AF_INET
#RuntimeDirectoryMode=0700

[Install]
WantedBy=multi-user.target