diff --git a/ArchiSteamFarm/overlay/generic-netf/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/generic-netf/ArchiSteamFarm@.service
new file mode 100644
index 000000000..5e63af18f
--- /dev/null
+++ b/ArchiSteamFarm/overlay/generic-netf/ArchiSteamFarm@.service
@@ -0,0 +1,42 @@
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile=-/etc/asf/%i
+ExecStart=mono /home/%i/ArchiSteamFarm/ArchiSteamFarm.exe --no-restart --process-required --service --system-required
+Restart=on-success
+RestartSec=5s
+SyslogIdentifier=asf-%i
+User=%i
+
+# ASF security hardening
+LockPersonality=yes
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=read-only
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+ReadWritePaths=/home/%i/ArchiSteamFarm /tmp/ASF
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+# Not tested
+#PrivateIPC=yes
+
+# This list is incomplete, will likely crash your ASF, not to mention only a total madman would enable that
+#SystemCallFilter=accept4 access arch_prctl bind chdir chmod clone close connect epoll_create1 epoll_ctl epoll_wait fadvise64 fcntl flock fstat fsync ftruncate getcwd getdents64 getpeername getrusage getsockname getsockopt inotify_add_watch inotify_init ioctl listen lseek lstat madvise mkdir mknod mprotect openat pipe pipe2 poll pread64 read readlink recvfrom recvmsg rename rmdir rt_sigaction rt_sigprocmask sched_get_priority_max sched_get_priority_min sched_getparam sched_getscheduler sched_setaffinity sched_setscheduler sendmmsg sendmsg sendto setsockopt shutdown sigaltstack socket stat statfs sysinfo uname unlink utimensat write
+
+[Unit]
+After=network.target network-online.target
+Description=ArchiSteamFarm Service (on %I)
+Documentation=https://github.com/JustArchiNET/ArchiSteamFarm/wiki
+Wants=network.target network-online.target
diff --git a/ArchiSteamFarm/overlay/generic/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/generic/ArchiSteamFarm@.service
new file mode 100644
index 000000000..30663f804
--- /dev/null
+++ b/ArchiSteamFarm/overlay/generic/ArchiSteamFarm@.service
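Review bot: `ReadWritePaths=/home/%i/ArchiSteamFarm /tmp/ASF` in generic-netf/ArchiSteamFarm@.service names a path that systemd expects to exist when it builds the unit's mount namespace, so on a host where /tmp/ASF has not been created yet (for example after /tmp is emptied at boot) the unit would fail to start; writing it as `-/tmp/ASF` makes a missing directory non-fatal. With `ProtectSystem=full` and `ProtectHome=read-only`, /tmp is not made read-only in the first place, so this entry is not what grants write access there. Because this is a template unit with `User=%i`, every instance shares that one fixed directory under world-writable /tmp, and nothing visible here says who creates it or with what mode; a comment stating the expected owner and permissions, or pre-creating it (e.g. through tmpfiles.d), would close that gap. The same line is added in the generic unit and in the second hunk of the linux unit.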
@@ -0,0 +1,42 @@
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile=-/etc/asf/%i
+ExecStart=dotnet /home/%i/ArchiSteamFarm/ArchiSteamFarm.dll --no-restart --process-required --service --system-required
+Restart=on-success
+RestartSec=5s
+SyslogIdentifier=asf-%i
+User=%i
+
+# ASF security hardening
+LockPersonality=yes
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=read-only
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+ReadWritePaths=/home/%i/ArchiSteamFarm /tmp/ASF
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+# Not tested
+#PrivateIPC=yes
+
+# This list is incomplete, will likely crash your ASF, not to mention only a total madman would enable that
+#SystemCallFilter=accept4 access arch_prctl bind chdir chmod clone close connect epoll_create1 epoll_ctl epoll_wait fadvise64 fcntl flock fstat fsync ftruncate getcwd getdents64 getpeername getrusage getsockname getsockopt inotify_add_watch inotify_init ioctl listen lseek lstat madvise mkdir mknod mprotect openat pipe pipe2 poll pread64 read readlink recvfrom recvmsg rename rmdir rt_sigaction rt_sigprocmask sched_get_priority_max sched_get_priority_min sched_getparam sched_getscheduler sched_setaffinity sched_setscheduler sendmmsg sendmsg sendto setsockopt shutdown sigaltstack socket stat statfs sysinfo uname unlink utimensat write
+
+[Unit]
+After=network.target network-online.target
+Description=ArchiSteamFarm Service (on %I)
+Documentation=https://github.com/JustArchiNET/ArchiSteamFarm/wiki
+Wants=network.target network-online.target
diff --git a/ArchiSteamFarm/overlay/linux/ArchiSteamFarm@.service b/ArchiSteamFarm/overlay/linux/ArchiSteamFarm@.service
index e3040fd95..6267d1223 100644
--- a/ArchiSteamFarm/overlay/linux/ArchiSteamFarm@.service
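Review bot: `ExecStart=dotnet /home/%i/ArchiSteamFarm/ArchiSteamFarm.dll …` in generic/ArchiSteamFarm@.service starts the runtime by bare name, which systemd resolves against its own fixed search path rather than the PATH of user %i, so a runtime installed outside the standard system directories will not be found. Older systemd releases, as far as I recall, refuse a non-absolute command altogether. An absolute path, e.g. `ExecStart=/usr/bin/dotnet /home/%i/ArchiSteamFarm/ArchiSteamFarm.dll …` (location to be adjusted per distribution), also makes explicit which binary the hardened unit executes. The `mono` line in the generic-netf unit has the same form.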
+++ b/ArchiSteamFarm/overlay/linux/ArchiSteamFarm@.service
@@ -9,7 +9,7 @@ RestartSec=5s
 SyslogIdentifier=asf-%i
 User=%i
 
-# ASF hardening
+# ASF security hardening
 LockPersonality=yes
 PrivateDevices=yes
 PrivateMounts=yes
@@ -22,7 +22,7 @@ ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=full
-ReadWritePaths=/home/%i/ArchiSteamFarm
+ReadWritePaths=/home/%i/ArchiSteamFarm /tmp/ASF
 RemoveIPC=yes
 RestrictAddressFamilies=AF_INET AF_INET6
 RestrictNamespaces=yes
@@ -39,4 +39,4 @@ RestrictSUIDSGID=yes
 After=network.target network-online.target
 Description=ArchiSteamFarm Service (on %I)
 Documentation=https://github.com/JustArchiNET/ArchiSteamFarm/wiki
-Wants=network-online.target
+Wants=network.target network-online.target
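Review bot: The last hunk of linux/ArchiSteamFarm@.service adds `network.target` to `Wants=`, but systemd.special(7) lists network.target among the passive units, which are meant to be pulled in by the network management service and not by the services that consume the network. The unchanged `After=network.target network-online.target` line already provides the ordering, and `network-online.target` is the unit a consumer is expected to pull in when it needs connectivity at start. I would keep the previous `Wants=network-online.target`; the two new units (generic-netf and generic) carry the same `Wants=` line.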