diff options
Diffstat (limited to 'onetun@.service')
| -rw-r--r-- | onetun@.service | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/onetun@.service b/onetun@.service new file mode 100644 index 000000000000..5f2881705157 --- /dev/null +++ b/onetun@.service @@ -0,0 +1,23 @@ +[Unit] +Description=onetun %I +After=network-online.target nss-lookup.target +Wants=network-online.target nss-lookup.target +PartOf=onetun.target + +[Service] +Type=simple +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=strict +ProtectHome=yes # Prevent service from reading files in /home +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +MemoryDenyWriteExecute=yes +LockPersonality=yes +ExecStart=/usr/bin/onetun +EnvironmentFile=/etc/onetun/%i.conf + +[Install] +WantedBy=multi-user.target |