blob: b1c683da33ec705a0228553fe312b37446cd8589 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
[Unit]
Description=AdGuard Home: Network-level blocker
After=syslog.target network-online.target
[Service]
DynamicUser=true
StateDirectory=adguardhome
WorkingDirectory=/var/lib/adguardhome
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
ExecStart=/usr/bin/adguardhome -w /var/lib/adguardhome -l syslog
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectControlGroups=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
LockPersonality=true
ProtectHostname=true
[Install]
WantedBy=multi-user.target
|