[Unit] Description=onionrouter After=network.target tor.service Before=postfix.service [Service] ExecStart=/usr/bin/onionrouter Restart=on-failure RestartSec=10s DynamicUser=true PrivateDevices=true PrivateUsers=true ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectHostname=true RestrictRealtime=true MemoryDenyWriteExecute=true [Install] WantedBy=default.target