[Unit]
Description=Multi-user redis persistent key-value database
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
User=_rspamd
Group=_rspamd
ExecStartPre=-/bin/mkdir -p ${HOME}/.redis/db/
ExecStart=/usr/local/bin/redis-server --supervised systemd --dir ${HOME}/.redis/db/ --port 0 --unixsocket ${HOME}/.redis/redis.sock --unixsocketperm 770 --save 900 1 --save 300 10 --save 60 10000
Type=notify

UMask=007
LimitNOFILE=65535

NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=multi-user.target