[Unit]
Description=XMRig Monero Miner
After=network-online.target
AssertFileNotEmpty=/etc/xmrig/config.json

[Service]
ExecStartPre=+/usr/bin/randomx_boost.sh
ExecStartPre=+/usr/bin/enable_1gb_pages.sh
ExecStartPre=/usr/bin/xmrig --config=/etc/xmrig/config.json --dry-run
ExecStart=/usr/bin/xmrig --config=/etc/xmrig/config.json
StandardOutput=journal
StandardError=journal
DynamicUser=true
Nice=19
CPUSchedulingPolicy=idle
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
NoNewPrivileges=true
# PrivateDevices=true # https://github.com/systemd/systemd/issues/13857
CapabilityBoundingSet=
#ProtectClock=true # https://github.com/systemd/systemd/issues/20835
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
PrivateUsers=true
ConfigurationDirectory=xmrig

[Install]
WantedBy=multi-user.target