blob: ed02955621baddc7c0a7735afd4ea21a5a5d30a1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism.
## Always try without systemd sockets before reporting any issues related to speed, latency or reliability.
## If you enable this, the `listen_addresses` list in the main configuration file can be empty.
## Or, at least, the addresses it contains should not overlap with the systemd socket addresses.
# Requires=dnscrypt-proxy.socket
After=network.target
Wants=network.target
Before=nss-lookup.target
Wants=nss-lookup.target
[Service]
ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
NonBlocking=true
DynamicUser=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
CacheDirectory=dnscrypt-proxy
ConfigurationDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
## Allow binding to 127.0.0.1:53 as non-root user
## without the .socket unit
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target
|