diff options
Diffstat (limited to 'lyrebird-proxy.service')
| -rw-r--r-- | lyrebird-proxy.service | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/lyrebird-proxy.service b/lyrebird-proxy.service new file mode 100644 index 000000000000..bfd6f59c7341 --- /dev/null +++ b/lyrebird-proxy.service @@ -0,0 +1,33 @@ +[Unit] +Description=pluggable transport proxy for Tor, implementing obfs4 +After=network.target nss-lookup.target + +[Service] +ExecStart=/usr/bin/lyrebird-proxy + +Restart=on-failure + +# Hardening +DynamicUser=true +NoNewPrivileges=true + +PrivateTmp=true +PrivateDevices=true +PrivateMounts=true +PrivateIPC=true + +ProtectHome=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectKernelLogs=true +ProtectProc=invisible +ProtectHostname=true +ProtectClock=true +ProtectSystem=strict + +MemoryDenyWriteExecute=true +RestrictRealtime=true + +[Install] +WantedBy=multi-user.target |