dnscrypt-proxy/repos/community-x86_64/dnscrypt-proxy.service

   1 [Unit]
   2 Description=DNSCrypt-proxy client
   3 Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
   4 Wants=network-online.target nss-lookup.target
   5 Before=nss-lookup.target
   6
   7 [Service]
   8 AmbientCapabilities=CAP_NET_BIND_SERVICE
   9 CacheDirectory=dnscrypt-proxy
  10 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  11 DynamicUser=yes
  12 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
  13 LockPersonality=yes
  14 LogsDirectory=dnscrypt-proxy
  15 MemoryDenyWriteExecute=true
  16 NonBlocking=true
  17 NoNewPrivileges=true
  18 PrivateDevices=true
  19 ProtectControlGroups=yes
  20 ProtectHome=yes
  21 ProtectHostname=yes
  22 ProtectKernelLogs=yes
  23 ProtectKernelModules=yes
  24 ProtectKernelTunables=yes
  25 ProtectSystem=strict
  26 RestrictAddressFamilies=AF_INET AF_INET6
  27 RestrictNamespaces=true
  28 RestrictRealtime=true
  29 RuntimeDirectory=dnscrypt-proxy
  30 StateDirectory=dnscrypt-proxy
  31 SystemCallArchitectures=native
  32 SystemCallFilter=@system-service
  33
  34 [Install]
  35 WantedBy=multi-user.target