[Unit]
Description=Glider Service (%i)
After=network.target iptables.service ip6tables.service

[Service]
Type=simple
DynamicUser=yes
Restart=always
LimitNOFILE=102400

# NOTE: CHANGE to your glider path
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf

# NOTE:
# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
# CAP_NET_ADMIN: ipset, setsockopt: IP_TRANSPARENT
# CAP_NET_BIND_SERVICE: bind ports under 1024
# CAP_NET_RAW: bind raw socket and broadcasting (used by dhcpd)
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target