From 4d95ddad4c1805fc50360995d98e6f30ac19a944 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 23 Aug 2018 20:35:01 +0200
Subject: [PATCH] Added option users can comment out to increase security

---
 hass-configurator.systemd | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hass-configurator.systemd b/hass-configurator.systemd
index 229fa5f..1a28c1f 100644
--- a/hass-configurator.systemd
+++ b/hass-configurator.systemd
@@ -5,6 +5,18 @@ After=network.target
 [Service]
 Type=simple
 User=homeassistant
+# Some security related options.
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html for details.
+# NoNewPrivileges=true
+# ProtectSystem=true
+# InaccessiblePaths=-/mnt -/media
+# ReadOnlyPaths=/bin -/lib -/lib64 -/sbin
+# PrivateTmp=true
+# ProtectKernelTunables=true
+# ProtectKernelModules=true
+# ProtectControlGroups=true
+# RestrictRealtime=true
+
 # Set configuration options by specifying environment variables
 # Environment=HC_LISTENIP=0.0.0.0
 # Environment=HC_PORT=3218