Implement first version of ArchiSteamFarm@.service

Service files for other variants will follow once this one is finished

ArchiSteamFarm/overlay/linux/ArchiSteamFarm@.service

@@ -0,0 +1,42 @@
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile=-/etc/asf/%i
+ExecStart=/home/%i/ArchiSteamFarm/ArchiSteamFarm --no-restart --process-required --service --system-required
+Restart=on-success
+RestartSec=5s
+SyslogIdentifier=asf-%i
+User=%i
+
+# ASF hardening
+LockPersonality=yes
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=read-only
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+ReadWritePaths=/home/%i/ArchiSteamFarm
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+# Not tested
+#PrivateIPC=yes
+
+# This list is incomplete, will likely crash your ASF, not to mention only a total madman would enable that
+#SystemCallFilter=accept4 access arch_prctl bind chdir chmod clone close connect epoll_create1 epoll_ctl epoll_wait fadvise64 fcntl flock fstat fsync ftruncate getcwd getdents64 getpeername getrusage getsockname getsockopt inotify_add_watch inotify_init ioctl listen lseek lstat madvise mkdir mknod mprotect openat pipe pipe2 poll pread64 read readlink recvfrom recvmsg rename rmdir rt_sigaction rt_sigprocmask sched_get_priority_max sched_get_priority_min sched_getparam sched_getscheduler sched_setaffinity sched_setscheduler sendmmsg sendmsg sendto setsockopt shutdown sigaltstack socket stat statfs sysinfo uname unlink utimensat write
+
+[Unit]
+After=network.target network-online.target
+Description=ArchiSteamFarm Service (on %I)
+Documentation=https://github.com/JustArchiNET/ArchiSteamFarm/wiki
+Wants=network-online.target