[Unit] Description=Anonymizing overlay network for TCP (instance: %i) After=syslog.target network.target nss-lookup.target PartOf=tor-master.service ReloadPropagatedFrom=tor-master.service [Service] Type=notify NotifyAccess=all ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc --verify-config ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc ExecReload=/bin/kill -HUP ${MAINPID} KillSignal=SIGINT TimeoutSec=30 Restart=on-failure RestartSec=1 WatchdogSec=1m LimitNOFILE=32768 # Hardening PrivateTmp=yes DeviceAllow=/dev/null rw DeviceAllow=/dev/urandom r ProtectHome=yes ProtectSystem=full ReadOnlyDirectories=/run ReadOnlyDirectories=/var ReadWriteDirectories=/run/tor ReadWriteDirectories=/var/lib/tor ReadWriteDirectories=/var/log/tor CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH PermissionsStartOnly=yes [Install] WantedBy = multi-user.target