[Unit]
Description=PyMTA Email Server
After=network.target
StartLimitIntervalSec=0
# check any errors when using this service:
# journalctl -u pymta-server.service -b -f

[Service]
Type=simple
User=appuser
Group=appuser
WorkingDirectory=/opt/PyMTA-server
Environment=PYTHONUNBUFFERED=1
ExecStart=/opt/PyMTA-server/.venv/bin/python main.py
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal

# Security settings
# Capabilities for low ports < 1024 following 2 lines:
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# if using port < 1024 comment out line bellow:
# NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/opt/PyMTA-server
ProtectHome=true

[Install]
WantedBy=multi-user.target