diff options
author | George Rawlinson | 2021-08-27 20:59:31 +0000 |
---|---|---|
committer | George Rawlinson | 2021-08-27 20:59:31 +0000 |
commit | dc9e72390fd1dbd84816c4ed61bab19b654378c2 (patch) | |
tree | 01ff09912585b7d3353d83b2a0f6ce880e05815f /cloudflared.service | |
parent | 84e2902b31cc9b34f8be7038c3dfaa7421932e86 (diff) | |
download | aur-dc9e72390fd1dbd84816c4ed61bab19b654378c2.tar.gz |
upgpkg: cloudflared 2021.8.5-1
* New upstream release.
* Skip previous release due to quic-go dependency mismatch.
Ref: https://github.com/cloudflare/cloudflared/issues/444
Diffstat (limited to 'cloudflared.service')
-rw-r--r-- | cloudflared.service | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/cloudflared.service b/cloudflared.service deleted file mode 100644 index 08dc89503416..000000000000 --- a/cloudflared.service +++ /dev/null @@ -1,56 +0,0 @@ -[Unit] -Description=Argo Tunnel client daemon for Cloudflared -After=network.target -Wants=network.target - -[Service] -Type=notify -ExecStart=/usr/bin/cloudflared --config /etc/cloudflared/config.yml --no-autoupdate -User=cloudflared -Group=cloudflared -Restart=on-failure -RestartSec=5s -TimeoutStartSec=0 - -# Allow cloudflared access to logfile -ReadWritePaths=/var/log/cloudflared.log - -# Allow cloudflared to bind ports in the range of 0-1024 and restrict it to -# that capability -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_BIND_SERVICE - -# If cloudflared is run at ports >1024, you should apply these options via a -# drop-in file -#CapabilityBoundingSet= -#AmbientCapabilities= -#PrivateUsers=yes - -NoNewPrivileges=true -LimitNOFILE=1048576 -UMask=0077 - -ProtectSystem=strict -ProtectHome=true -PrivateTmp=true -PrivateDevices=true -ProtectHostname=true -ProtectClock=true -ProtectKernelTunables=true -ProtectKernelModules=true -ProtectKernelLogs=true -ProtectControlGroups=true -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=true -LockPersonality=true -MemoryDenyWriteExecute=true -RestrictRealtime=true -RestrictSUIDSGID=true -RemoveIPC=true - -SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources -SystemCallArchitectures=native - -[Install] -WantedBy=multi-user.target |