{{ ansible_managed | comment }}

[Service]
AmbientCapabilities=CAP_NET_RAW
NoNewPrivileges=true