status/etc/systemd/system/statping.service
2022-08-30 13:22:14 +02:00


; statping.service: runs the Statping stack through docker-compose as a sandboxed systemd service.
[Unit]
Description=Statping server
; After= only orders start-up; it neither pulls these units in nor fails this unit if one is missing.
; NOTE(review): the Exec* commands in [Service] call docker-compose, so docker.service is presumably
; a hard dependency; check whether Requires= or Wants=docker.service is intended.
After=ssh.service nginx.service docker.service gitea.service drone.service grafana.service prometheus.service
; Runs `docker-compose up` in the foreground and sandboxes that process.
; Scope of the hardening: every directive below applies to the processes systemd starts for this
; unit, i.e. the docker-compose command. Containers are created by the Docker daemon rather than
; as children of this unit, so these restrictions (and Slice=/Nice=) presumably do not reach the
; Statping containers; container-level limits belong in the compose file or the daemon config.
; No User= is set, so the command runs as root. Access to the Docker API is generally
; root-equivalent on the host, so treat this sandbox as damage limitation for the client only.
[Service]
; Resource placement: own slice, no cgroup delegation, low CPU priority, best-effort I/O class (2).
Slice=statping.slice
Delegate=no
Nice=18
IOSchedulingClass=2
; Restart on any exit, 10 seconds after the process ends.
Restart=always
RestartSec=10
; Before every start (including automatic restarts) tear down the project's existing containers.
ExecStartPre=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml down
; No -d flag: compose stays attached, so the unit's lifetime follows the compose process.
; --remove-orphans also removes containers of services no longer defined in the compose file.
ExecStart=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml up --remove-orphans
; Stops the containers but does not remove them; removal happens in ExecStartPre on the next start.
ExecStop=/usr/bin/docker-compose -p statping -f /etc/statping/docker-compose.yml stop
; Empty assignment: the capability bounding set is empty, so the process holds no capabilities.
CapabilityBoundingSet=
; Leading ~ makes this a deny-list: only the @reboot and @debug groups are blocked.
; NOTE(review): every other system call stays allowed; an allow-list would be stricter.
SystemCallFilter=~@reboot @debug
; /home, /root and /run/user are inaccessible.
ProtectHome=true
; Without a leading ~ this is an allow-list: the listed namespace types may still be created,
; the remaining ones (e.g. mnt, net) may not. The commented-out line below would deny all types.
; NOTE(review): confirm the allow-list is intended rather than a ~-prefixed deny-list.
RestrictNamespaces=uts ipc pid user cgroup
; RestrictNamespaces=true
; Blocks privilege gain through execve (setuid/setgid bits, file capabilities).
NoNewPrivileges=True
InaccessiblePaths=/dev/shm
; The only writable exceptions to ProtectSystem=strict; the leading "-" ignores a missing path.
; NOTE(review): /etc/statping holds the compose file that ExecStart runs; confirm the service
; needs write access there, since a writable definition can change what the next start launches.
ReadWritePaths=-/etc/statping
ReadWritePaths=-/var/lib/statping
; Whole file system hierarchy is read-only except /dev, /proc, /sys and the ReadWritePaths above.
ProtectSystem=strict
; Device access limited to the standard pseudo devices (/dev/null, /dev/zero, /dev/urandom, ...).
DevicePolicy=closed
; Private /tmp and /var/tmp, a minimal private /dev, and a user namespace that maps only root
; and the unit's own user; every other UID/GID appears as "nobody".
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
; Host identity, clock, kernel tunables, modules, kernel log and cgroup tree cannot be modified.
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
; Fixes the execution domain and forbids memory mappings that are writable and executable.
LockPersonality=true
MemoryDenyWriteExecute=true
; Allow-list of socket families. AF_UNIX is presumably what reaches the Docker daemon socket;
; netlink, packet and all other families are denied.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
; No realtime scheduling, no creation of setuid/setgid files, native-ABI system calls only.
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
; Used by `systemctl enable`: the unit is started as part of multi-user.target (normal boot).
[Install]
WantedBy=multi-user.target