[Unit] Description=Prysm Ethereum Validator Client Wants=network-online.target After=network-online.target Requires=prysm-beacon-chain.service [Service] User=prysm-validator Group=prysm-validator Type=simple ExecStart=/usr/bin/validator --config-file /etc/prysm/validator.yaml --accept-terms-of-use NoNewPrivileges=yes CapabilityBoundingSet= SystemCallArchitectures=native SystemCallFilter=@system-service PrivateDevices=yes PrivateUsers=yes PrivateTmp=yes ProtectSystem=strict ReadWritePaths=/var/lib/prysm/validator ProtectClock=yes ProtectHome=true ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectHostname=yes ProtectControlGroups=yes RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes RestrictAddressFamilies=AF_INET AF_INET6 [Install] WantedBy=multi-user.target