## Unit metadata and start-up ordering for the dnscrypt-proxy DNS client service.
[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki

## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism.
## Always try without systemd sockets before reporting any issues related to speed, latency or reliability.
## If you enable this, the `listen_addresses` list in the main configuration file can be empty.
## Or, at least, the addresses it contains should not overlap with the systemd socket addresses.

## Left commented out: uncommenting makes the service require the socket unit (socket activation).
#Requires=dnscrypt-proxy.socket
## nss-lookup.target is the ordering point for units that need host name resolution,
## so the resolver is ordered to start before them.
Before=nss-lookup.target
## network.target only orders this after the network management stack has been started;
## it does not guarantee that interfaces are configured or that upstream resolvers are reachable.
After=network.target
## Wants= pulls the targets in without making this unit fail if they cannot be reached.
Wants=network.target nss-lookup.target


## Runtime and sandboxing settings: the proxy runs as an unprivileged, dynamically
## allocated user whose only capability is binding to privileged ports.
[Service]
## The configuration file lives in the directory declared by ConfigurationDirectory= below.
ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
## Sets O_NONBLOCK on file descriptors passed in by socket activation;
## it has no effect while the .socket unit is not in use.
NonBlocking=true

## Run under a UID/GID that systemd allocates when the service starts and releases when it stops.
## This setting also implies ProtectSystem=strict, ProtectHome=read-only, PrivateTmp=yes,
## RemoveIPC=yes and NoNewPrivileges=yes, so the file system is read-only to the service
## except for the directories declared below.
DynamicUser=yes

## /sys/fs/cgroup is read-only for the service.
ProtectControlGroups=yes
## Explicit kernel module loading is denied.
ProtectKernelModules=yes
## Kernel tunables under /proc/sys and /sys are read-only for the service.
ProtectKernelTunables=yes

## Directories that systemd creates for the service under the system cache, configuration,
## log and runtime locations. Cache, logs and runtime directories are owned by the service user;
## the configuration directory is not re-owned, so the .toml file must be readable by that user.
CacheDirectory=dnscrypt-proxy
ConfigurationDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy

## Allow binding to 127.0.0.1:53 as non-root user
## without the .socket unit
## The bounding set limits the process and its children to this single capability;
## the ambient set is what actually hands it to the non-root process at exec time.
## NOTE(review): presumably both lines become unnecessary if the .socket unit does the
## binding instead - confirm before removing them.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

## Installation hooks used by `systemctl enable` / `systemctl disable`.
[Install]
## Left commented out: uncommenting makes enabling this service also enable the socket unit.
## Keep it in step with the commented-out Requires= line in [Unit].
#Also=dnscrypt-proxy.socket
## Started as part of the normal multi-user boot.
WantedBy=multi-user.target