Today I realized that a lot of people don't seem to know about #systemd drop-in files. Stuff you can drop in /etc/systemd/system/.service.d/whatever.conf, and they'll be merged into the service.

You can use this to create common abstractions, and rather than editing random service files shipped by upstream, or your distribution, you can just symlink a common abstraction to a drop-in, and voila.

This is mighty useful if you want to lock things down further, and don't want to repeat yourself N+1 times.