Commit e35bc2c5 authored by Eric Dorland's avatar Eric Dorland

Reenable socket activation and privilege dropping

parent a0e62535
[Unit]
Description=DNSCrypt proxy resolvconf support
Documentation=man:dnscrypt-proxy(8)
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
After=dnscrypt-proxy.socket
Requires=dnscrypt-proxy.socket
ConditionFileIsExecutable=/sbin/resolvconf
......
debian/tmp/usr/bin/* usr/sbin
debian/dnscrypt-proxy.toml /etc/dnscrypt-proxy
debian/dnscrypt-proxy.service /lib/systemd/system
debian/dnscrypt-proxy.socket /lib/systemd/system
debian/dnscrypt-proxy-resolvconf.service /lib/systemd/system
[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
# Requires=dnscrypt-proxy.socket
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target
Wants=nss-lookup.target
[Install]
# Also=dnscrypt-proxy.socket
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target
[Service]
Type=simple
NonBlocking=true
# Put this back
# User=_dnscrypt-proxy
ExecStart=/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Restart=always
#ProtectSystem=strict
#ProtectHome=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
User=_dnscrypt-proxy
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
[Unit]
Description=dnscrypt-proxy listening socket
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Before=nss-lookup.target
Wants=nss-lookup.target
Wants=dnscrypt-proxy-resolvconf.service
[Socket]
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53
NoDelay=true
DeferAcceptSec=1
[Install]
WantedBy=sockets.target
listen_addresses = ['127.0.2.1:53']
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
server_names = ['cloudflare']
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
cache_file = 'public-resolvers.md'
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
......@@ -11,6 +11,10 @@ export DH_GOPKG := github.com/jedisct1/dnscrypt-proxy
%:
dh $@ --buildsystem=golang --with=golang
override_dh_installsystemd:
dh_installsystemd dnscrypt-proxy.service dnscrypt-proxy.socket \
dnscrypt-proxy-resolvconf.service
override_dh_auto_install:
dh_auto_install --destdir=debian/tmp
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment