[Unit]
Description=Run lego (letsencrypt client in go)

[Service]
Type=oneshot
EnvironmentFile={{ lego_base_path }}/%i.conf
User={{ lego_systemd_user }}
Group={{ lego_systemd_group }}
ExecStart={{ lego_base_path }}/run.sh
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=basic.target
DefaultInstance=default