[Unit]
Description=The Onion Router

[Service]
ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc
ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
TimeoutStopSec=32
LimitNOFILE=30000

# Hardening options:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
NoNewPrivileges = yes

[Install]
WantedBy=multi-user.target