dnscrypt-proxy/systemd/dnscrypt-proxy.service

54 lines
1.6 KiB
SYSTEMD

[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
## Use systemd sockets. Disable on TCP_NODELAY fail. Then define ip address in dnscrypt-proxy.toml.
Requires=dnscrypt-proxy.socket
## Start service after the network is online.
## Requires a wait service such as NetworkManager or systemd-networkd.
## Verify using:
## systemctl is-enabled NetworkManager-wait-online.service systemd-networkd-wait-online.service
## Then enable:
## systemctl enable NetworkManager-wait-online.service
## Or alternatively:
## systemctl enable systemd-networkd-wait-online.service
After=network-online.target
Wants=network-online.target
## DNSCrypt-proxy provides and requires name resolution.
Before=nss-lookup.target
Wants=nss-lookup.target
[Service]
## Set O_NONBLOCK flag for socket unit.
NonBlocking=true
## Execute dnscrypt-proxy with configuration file.
ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
## Make /home, /root and /run/user read only.
ProtectHome=yes
## Make Linux control groups read only.
ProtectControlGroups=yes
## Deny explicit module loading.
ProtectKernelModules=yes
## Run dnscrypt-proxy as unprivileged user with
## temporary assigned UID/GID. See man:systemd.exec
## for more info. Requires systemd 232+.
DynamicUser=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
[Install]
## Install socket unit.
Also=dnscrypt-proxy.socket
## Create symlink for systemd to pull in the unit when starting multi-user.target
## Can be found in /etc/systemd/system/multi-user.target.wants/
WantedBy=multi-user.target