[Unit]
Description=Automatically configure NetworkManager in cloud
Documentation=man:nm-cloud-setup(8)
After=NetworkManager.service

[Service]
Type=oneshot
ExecStart=@libexecdir@/nm-cloud-setup

#Environment=NM_CLOUD_SETUP_LOG=TRACE

# Cloud providers are disabled by default. You need to
# Opt-in by setting the right environment variable for
# the provider.
#
# Create a drop-in file to overwrite these variables or
# use systemctl edit.
#Environment=NM_CLOUD_SETUP_EC2=yes
#Environment=NM_CLOUD_SETUP_GCP=yes
#Environment=NM_CLOUD_SETUP_AZURE=yes

CapabilityBoundingSet=
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallFilter=@system-service

[Install]
WantedBy=NetworkManager.service