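# systemd unit for the WorkflowDirect git bot.
# %i expands to the instance name, so this is presumably installed as a
# template unit (name@.service) - confirm against the packaged file name.
# Per-instance files are read from /etc/default/%i/.

[Unit]
Description=WorkflowDirect git bot for %i
# After= only orders startup. Wants= is what actually pulls
# network-online.target into the boot transaction; without it the ordering
# has no effect unless some other unit requests that target.
Wants=network-online.target
After=network-online.target

[Service]
Type=exec
ExecStart=/usr/bin/workflow-direct
# The leading "-" makes a missing file non-fatal.
# NOTE(review): if this file carries tokens or passwords, keep it root-owned
# and not world-readable.
EnvironmentFile=-/etc/default/%i/workflow-direct.env

# DynamicUser= is disabled: SSH key files could not be placed into the
# temporary home in a way that SSH accepts as readable.
#DynamicUser=yes
# No User= is set in this unit, so without a drop-in the service runs as root.
# A per-instance systemd override must assign User= (and ideally Group=).
NoNewPrivileges=yes
# strict: the whole file system is read-only for the service except /dev,
# /proc and /sys (plus the private /tmp below). Any path the bot has to write
# to needs ReadWritePaths= in the per-instance override.
ProtectSystem=strict
# Home directories stay visible, presumably so the assigned user's SSH keys
# and configuration can be read - verify; they are still read-only under
# ProtectSystem=strict.
ProtectHome=no
PrivateTmp=yes

# Disabled DynamicUser= layout, kept for reference.
# SLES 15 doesn't have HOME set for dynamic users, so the files were bound
# into the runtime directory instead.
# NOTE(review): id_ed25519 is a private key; wherever it ends up, it should be
# owned by the service user and readable by that user only.
# RuntimeDirectory=%i
# BindReadOnlyPaths=/etc/default/%i/known_hosts:/etc/ssh/ssh_known_hosts /etc/default/%i/config.json:%t/%i/config.json /etc/default/%i/id_ed25519 /etc/default/%i/id_ed25519.pub
# WorkingDirectory=%t/%i

[Install]
WantedBy=multi-user.target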