[Unit]
Description=Multimedia Service
Requires=pipewire.socket

[Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
Type=simple
ExecStart=/usr/bin/pipewire
Restart=on-failure
RuntimeDirectory=pipewire
RuntimeDirectoryPreserve=yes
User=pipewire
Environment=PIPEWIRE_RUNTIME_DIR=%t/pipewire
SmackProcessLabel=System::Pipewire
UMask=0077

[Install]
Also=pipewire.socket
WantedBy=default.target