[Unit]
Description=rsync daemon <%= @name %>

[Service]
ExecStart=-/usr/bin/rsync --daemon --config=<%= @fname_real_rsync %>
StandardInput=socket
StandardError=journal
CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID CAP_DAC_READ_SEARCH
PrivateDevices=true
PrivateNetwork=true
ProtectHome=read-only
ProtectSystem=full