As of policy version 4.5.0, init scripts are now completely optional. I have attached the latest service file that we are using in FreedomBox. This one enables various systemd sandboxing features.
[Unit] Description=collaborative text editor service Documentation=man:infinoted(1) After=network.target
[Service] User=infinoted Group=infinoted ExecStart=/usr/bin/infinoted ConfigurationDirectory=infinoted ConfigurationDirectoryMode=0750 LockPersonality=yes NoNewPrivileges=yes PrivateDevices=yes PrivateMounts=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=full RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictRealtime=yes StateDirectory=infinoted SystemCallArchitectures=native [Install] WantedBy=multi-user.target
signature.asc
Description: OpenPGP digital signature