[Unit]
Description=Esphome *new* device builder server
After=network.target

[Service]
ExecStart=/usr/bin/esphome-device-builder /var/lib/esphome/
WorkingDirectory=/var/lib/esphome/
StandardOutput=inherit
StandardError=inherit
Restart=always
User=esphome

#CapabilityBoundingSet=
#NoNewPrivileges=true
#RemoveIPC=true
#LockPersonality=true
#ProtectControlGroups=true
#ProtectKernelTunables=true
#ProtectKernelModules=true
#ProtectKernelLogs=true
#ProtectHostname=true
#ProtectProc=noaccess
#ProtectClock=yes
#DeviceAllow=char-* rw

#RestrictRealtime=true
#RestrictSUIDSGID=true
#RestrictNamespaces=true
##RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

#ProtectSystem=strict
#ProtectHome=true
#PrivateTmp=true

#SystemCallArchitectures=native
#SystemCallFilter=@system-service @pkey

[Install]
WantedBy=multi-user.target