# systemd unit that runs /usr/bin/vnt-cli with /etc/vnt/vnt-cli.yml
# (see ExecStart= in [Service]).
[Unit]
Description=VNT Virtual LAN Server.
Documentation=https://rustvnt.com/guide/introduction.html
# Start only after the network is reported online. Wants= is a weak
# dependency: the unit is still started if the target fails.
Wants=network-online.target
After=network-online.target
# Have systemd load the tun kernel module before the service starts.
# The service cannot load it itself: [Service] sets ProtectKernelModules=yes.
Wants=modprobe@tun.service
After=modprobe@tun.service
# Execution environment for vnt-cli: credentials, privilege limits and
# file-system sandboxing. All Exec*= commands below share these settings.
[Service]
# simple: the unit counts as started as soon as the main process is forked.
Type=simple
# -f is given the path of the YAML configuration (presumably "config file").
ExecStart=/usr/bin/vnt-cli -f /etc/vnt/vnt-cli.yml
# Stop is performed by a second vnt-cli invocation; how it reaches the running
# instance is not visible from this unit.
ExecStop=/usr/bin/vnt-cli --stop
# Credential
# TODO: Find ways to use DynamicUser and Capability instead.
# NOTE(review): with User=root and no CapabilityBoundingSet=, the process keeps
# root's full capability set; only the options further down narrow what it can
# do. A compromise of vnt-cli is therefore close to a root compromise.
User=root
Group=root
# Unprivileged alternatives, currently disabled.
#User=vnt
#Group=vnt
#DynamicUser=yes
# Capability
# NOTE(review): CapabilityBoundingSet= only limits capabilities. A non-root
# user would also need AmbientCapabilities= to actually hold CAP_NET_ADMIN.
# The bounding set could also be enabled while still running as root, after
# testing that vnt-cli needs nothing beyond CAP_NET_ADMIN.
#CapabilityBoundingSet=CAP_NET_ADMIN
# Security
# Processes cannot gain privileges through execve() (setuid/setgid bits,
# file capabilities).
NoNewPrivileges=yes
# Sandboxing
# Whole file-system hierarchy is read-only for the service except the API
# file systems (/dev, /proc, /sys). No ReadWritePaths=, StateDirectory= or
# RuntimeDirectory= is set, so the private /tmp is the only ordinary writable
# location.
ProtectSystem=strict
# /home, /root and /run/user are inaccessible.
ProtectHome=yes
# Creates /etc/vnt at start if it does not exist.
# NOTE(review): unlike StateDirectory=, this is not expected to make the
# directory writable under ProtectSystem=strict; confirm if vnt-cli must
# write to /etc/vnt.
ConfigurationDirectory=vnt
# Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=yes
# Kernel variables under /proc/sys, /sys and similar are read-only.
ProtectKernelTunables=yes
# Explicit kernel module loading is denied; tun is loaded beforehand via
# modprobe@tun.service (see [Unit]).
ProtectKernelModules=yes
# The control-group hierarchy is read-only.
ProtectControlGroups=yes
# Creating or entering any kind of namespace is denied.
RestrictNamespaces=yes
# The execution domain (personality) cannot be changed.
LockPersonality=yes
# Mappings that are writable and executable at once are refused; this would
# break a binary that generates code at run time.
MemoryDenyWriteExecute=yes
# Real-time scheduling cannot be acquired.
RestrictRealtime=yes
# Removes SysV/POSIX IPC objects of the unit's user on stop.
# NOTE(review): per systemd.exec(5) this does not cover objects owned by root,
# so it presumably only takes effect once the unit runs as a non-root user.
RemoveIPC=yes
# The service gets its own mount namespace; its mounts do not propagate to
# the host.
PrivateMounts=yes
# NOTE(review): PrivateDevices= is not set, presumably because the service
# needs /dev/net/tun. RestrictAddressFamilies= and SystemCallFilter= are also
# unset; "systemd-analyze security" lists what remains exposed.
# Only takes effect once the unit is enabled: the service is then pulled in
# by the normal multi-user boot target.
[Install]
WantedBy=multi-user.target