tor/contrib/dist/tor.service.in

[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target

[Service]
Type = notify
NotifyAccess = all
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc 
ExecReload = /bin/kill -HUP ${MAINPID}
KillSignal = SIGINT
TimeoutSec = 30
Restart = on-failure
LimitNOFILE = 32768

# Hardening
PrivateTmp = yes
DeviceAllow = /dev/null rw
DeviceAllow = /dev/urandom r
InaccessibleDirectories = /home
ReadOnlyDirectories = /
ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
ReadWriteDirectories = @LOCALSTATEDIR@/run/tor
NoNewPrivileges = yes

[Install]
WantedBy = multi-user.target