summaryrefslogtreecommitdiff
path: root/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service
diff options
context:
space:
mode:
Diffstat (limited to 'net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service')
-rw-r--r--net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service39
1 files changed, 39 insertions, 0 deletions
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service
new file mode 100644
index 000000000000..ed02955621ba
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service
@@ -0,0 +1,39 @@
+[Unit]
+Description=DNSCrypt-proxy client
+Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism.
+## Always try without systemd sockets before reporting any issues related to speed, latency or reliability.
+## If you enable this, the `listen_addresses` list in the main configuration file can be empty.
+## Or, at least, the addresses it contains should not overlap with the systemd socket addresses.
+
+# Requires=dnscrypt-proxy.socket
+
+After=network.target
+Wants=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+NonBlocking=true
+
+DynamicUser=yes
+
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+CacheDirectory=dnscrypt-proxy
+ConfigurationDirectory=dnscrypt-proxy
+LogsDirectory=dnscrypt-proxy
+RuntimeDirectory=dnscrypt-proxy
+
+## Allow binding to 127.0.0.1:53 as non-root user
+## without the .socket unit
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+Also=dnscrypt-proxy.socket
+WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-06 17:39:38 +0000