Update to 2021-12-17 09:00

roles/miniflux/templates/miniflux.service.j2

@@ -7,6 +7,9 @@ Type=notify
 EnvironmentFile={{ miniflux_root_dir }}/etc/miniflux.conf
 User={{ miniflux_user }}
 ExecStart={{ miniflux_root_dir }}/bin/miniflux
+RuntimeDirectory=miniflux
+Restart=always
+RestartSec=5
 Restart=always
 NoNewPrivileges=true
 PrivateDevices=true
@@ -15,9 +18,20 @@ ProtectHome=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectSystem=strict
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectClock=yes
 RestrictRealtime=true
+RestrictNamespaces=yes
 ReadWritePaths=/run
 PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
 
 [Install]
 WantedBy=multi-user.target