Documentation and Wants=network-online.target (#395)

Documentation and Wants=network-online.target

systemd/dnscrypt-proxy.service

@@ -1,26 +1,53 @@
 [Unit]
 Description=DNSCrypt-proxy client
 Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+## Use systemd sockets. Disable on TCP_NODELAY fail. Then define ip address in dnscrypt-proxy.toml.
 Requires=dnscrypt-proxy.socket
+
+## Start service after the network is online.
+## Requires a wait service such as NetworkManager or systemd-networkd.
+## Verify using: 
+## systemctl is-enabled NetworkManager-wait-online.service systemd-networkd-wait-online.service
+## Then enable:
+## systemctl enable NetworkManager-wait-online.service
+## Or alternatively: 
+## systemctl enable systemd-networkd-wait-online.service
 After=network-online.target
+Wants=network-online.target
+
+## DNSCrypt-proxy provides and requires name resolution. 
 Before=nss-lookup.target
 Wants=nss-lookup.target
 
 [Service]
+## Set O_NONBLOCK flag for socket unit.
 NonBlocking=true
+
+## Execute dnscrypt-proxy with configuration file.
 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+
+## Make /home, /root and /run/user read only.
 ProtectHome=yes
+
+## Make Linux control groups read only.
 ProtectControlGroups=yes
+
+## Deny explicit module loading.
 ProtectKernelModules=yes
 
-# Run dnscrypt-proxy as unprivileged user with
+## Run dnscrypt-proxy as unprivileged user with
-# temporary assigned UID/GID. See man:systemd.exec
+## temporary assigned UID/GID. See man:systemd.exec
-# for more info. Requires systemd 232+.
+## for more info. Requires systemd 232+.
 DynamicUser=yes
 CacheDirectory=dnscrypt-proxy
 LogsDirectory=dnscrypt-proxy
 RuntimeDirectory=dnscrypt-proxy
 
 [Install]
+## Install socket unit.
 Also=dnscrypt-proxy.socket
+
+## Create symlink for systemd to pull in the unit when starting multi-user.target
+## Can be found in /etc/systemd/system/multi-user.target.wants/
 WantedBy=multi-user.target