[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!${CPACK_PACKAGING_INSTALL_PREFIX}/libexec/softether/vpnserver/do_not_run

[Service]
Type=forking
TasksMax=16777216
EnvironmentFile=-${CPACK_PACKAGING_INSTALL_PREFIX}/libexec/softether/vpnserver
ExecStart=${CPACK_PACKAGING_INSTALL_PREFIX}/libexec/softether/vpnserver/vpnserver start
ExecStop=${CPACK_PACKAGING_INSTALL_PREFIX}/libexec/softether/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-${CPACK_PACKAGING_INSTALL_PREFIX}/libexec/softether/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID

[Install]
WantedBy=multi-user.target