You've already forked caddy-opnsense-blocker
32 lines
795 B
Desktop File
32 lines
795 B
Desktop File
[Unit]
|
|
Description=Caddy OPNsense Blocker
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=blocker
|
|
Group=blocker
|
|
SupplementaryGroups=caddy
|
|
WorkingDirectory=/var/lib/caddy-opnsense-blocker
|
|
ExecStart=/usr/local/bin/caddy-opnsense-blocker -config /etc/caddy-opnsense-blocker/config.yaml
|
|
Restart=always
|
|
RestartSec=5s
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
RestrictSUIDSGID=true
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
SystemCallArchitectures=native
|
|
ReadWritePaths=/var/lib/caddy-opnsense-blocker
|
|
ReadOnlyPaths=/etc/caddy-opnsense-blocker /var/log/caddy
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|