[Unit]
Description=Munin CGI HTML Service
After=network.target
PartOf=munin.service
Requires=munin-cgi-html.socket

[Service]
StandardInput=socket
User=www-data
Group=munin
ExecStart=/usr/lib/munin/cgi/munin-cgi-html

# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=strict
ReadWriteDirectories=-/var/log/munin
PrivateDevices=yes
PrivateNetwork=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=

[Install]
WantedBy=multi-user.target