# systemd unit for go-mmproxy.
[Unit]
Description=go-mmproxy
# Order this unit after network.target during boot.
After=network.target
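[Service]
# Default command line. In ExecStart= the unbraced $DAEMON_ARGS is split on
# whitespace into separate arguments, so the value is written as one quoted
# assignment with no inner quotes around [::1]:22 (the nested quotes only
# worked because systemd joins adjacent quoted segments).
#
# Security: -l 0.0.0.0:2222 listens on every interface, and the client address
# handed to the local service on port 22 comes from the PROXY protocol header.
# The -allowed-subnets file is therefore what limits which peers may supply
# that header; keep it restricted to the load balancer / proxy addresses.
# NOTE(review): confirm the file exists and is not empty on the target host.
Environment="DAEMON_ARGS=-4 127.0.0.1:22 -6 [::1]:22 -allowed-subnets /etc/go-mmproxy/path-prefixes.txt -l 0.0.0.0:2222"
# Optional override file ("-" = ignore if missing; %p = unit name prefix).
# Values set here replace DAEMON_ARGS above, so the file should be owned by
# root and not writable by anyone else.
EnvironmentFile=-/etc/default/%p
Type=simple
# Raised open-file limit for the proxy process.
LimitNOFILE=65535
# Policy routing: traffic from 127.0.0.0/8 arriving on lo is looked up in
# table 123, which delivers everything locally via lo.
# NOTE(review): DAEMON_ARGS also forwards IPv6 (-6 [::1]:22) but only IPv4
# rules are installed here; the "ip -6" equivalents appear to be missing.
ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
ExecStart=/usr/bin/go-mmproxy $DAEMON_ARGS
# Remove the routing rule and route again when the service stops.
ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
Restart=on-failure
RestartSec=10s
## https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Capabilities
# NOTE(review): User= is commented out below, so the service runs as root.
# For a root service AmbientCapabilities= does not take any capability away.
# If the intent is to run with CAP_NET_ADMIN only, add
# CapabilityBoundingSet=CAP_NET_ADMIN or set a dedicated User=, then re-test
# the ip commands above.
AmbientCapabilities=CAP_NET_ADMIN
# Not granted: CAP_NET_RAW CAP_NET_BIND_SERVICE
# CAP_NET_RAW CAP_NET_BIND_SERVICE
#User=root
# Sandboxing: no privilege gain through setuid/file capabilities, private /dev
# and /tmp, read-only /usr, /boot and /etc, read-only kernel tunables.
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectSystem=full
ProtectKernelTunables=true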
[Install]
# When enabled, the unit is pulled in by multi-user.target.
WantedBy=multi-user.target