2017-07-24 17:16:40 +08:00
|
|
|
[Unit]
|
|
|
|
|
Description=Glider Service (%i)
|
|
|
|
|
After=network.target
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
Type=simple
|
|
|
|
|
User=nobody
|
|
|
|
|
Restart=always
|
2017-08-24 11:58:32 +08:00
|
|
|
|
|
|
|
|
# NOTE: change to your glider path
|
2017-07-24 17:16:40 +08:00
|
|
|
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
|
|
|
|
|
|
2017-08-24 11:58:32 +08:00
|
|
|
# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
|
2017-08-28 23:14:52 +08:00
|
|
|
# CAP_NET_ADMIN: ipset
|
|
|
|
|
# CAP_NET_BIND_SERVICE: bind ports under 1024
|
|
|
|
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
|
|
|
|
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
2017-08-24 11:58:32 +08:00
|
|
|
NoNewPrivileges=true
|
|
|
|
|
|
2017-07-24 17:16:40 +08:00
|
|
|
[Install]
|
|
|
|
|
WantedBy=multi-user.target
|
