[Unit]
Description=Games Lobby
After=network.target

[Service]
Type=simple
User=games
Group=games
WorkingDirectory=/opt/games
ExecStart=/opt/games/games
Restart=on-failure
RestartSec=5

Environment=PORT=8080

# Hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/games
PrivateTmp=true

[Install]
WantedBy=multi-user.target