summarylogtreecommitdiffstats
path: root/cloudflared.service
diff options
context:
space:
mode:
authorGeorge Rawlinson2021-08-27 20:59:31 +0000
committerGeorge Rawlinson2021-08-27 20:59:31 +0000
commitdc9e72390fd1dbd84816c4ed61bab19b654378c2 (patch)
tree01ff09912585b7d3353d83b2a0f6ce880e05815f /cloudflared.service
parent84e2902b31cc9b34f8be7038c3dfaa7421932e86 (diff)
downloadaur-dc9e72390fd1dbd84816c4ed61bab19b654378c2.tar.gz
upgpkg: cloudflared 2021.8.5-1
* New upstream release. * Skip previous release due to quic-go dependency mismatch. Ref: https://github.com/cloudflare/cloudflared/issues/444
Diffstat (limited to 'cloudflared.service')
-rw-r--r--cloudflared.service56
1 files changed, 0 insertions, 56 deletions
diff --git a/cloudflared.service b/cloudflared.service
deleted file mode 100644
index 08dc89503416..000000000000
--- a/cloudflared.service
+++ /dev/null
@@ -1,56 +0,0 @@
-[Unit]
-Description=Argo Tunnel client daemon for Cloudflared
-After=network.target
-Wants=network.target
-
-[Service]
-Type=notify
-ExecStart=/usr/bin/cloudflared --config /etc/cloudflared/config.yml --no-autoupdate
-User=cloudflared
-Group=cloudflared
-Restart=on-failure
-RestartSec=5s
-TimeoutStartSec=0
-
-# Allow cloudflared access to logfile
-ReadWritePaths=/var/log/cloudflared.log
-
-# Allow cloudflared to bind ports in the range of 0-1024 and restrict it to
-# that capability
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-
-# If cloudflared is run at ports >1024, you should apply these options via a
-# drop-in file
-#CapabilityBoundingSet=
-#AmbientCapabilities=
-#PrivateUsers=yes
-
-NoNewPrivileges=true
-LimitNOFILE=1048576
-UMask=0077
-
-ProtectSystem=strict
-ProtectHome=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=true
-LockPersonality=true
-MemoryDenyWriteExecute=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-RemoveIPC=true
-
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-SystemCallArchitectures=native
-
-[Install]
-WantedBy=multi-user.target