[Unit]
Description=Miniflux Feed Reader
After=network.target postgresql.service

[Service]
Type=simple
EnvironmentFile=/etc/miniflux.conf
User=miniflux
ExecStart=/usr/bin/miniflux
Restart=always

# Hardening options:
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictRealtime=true

[Install]
WantedBy=multi-user.target