Skip to content

Commit

Permalink
Improve the example systemd service file.
Browse files Browse the repository at this point in the history
  • Loading branch information
kzemek authored Mar 23, 2024
1 parent 6775f46 commit d2b2b2a
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 16 deletions.
11 changes: 4 additions & 7 deletions .github/workflows/test-startup.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,18 +21,15 @@ jobs:
run: go build -v ./...

- name: Install go-mmproxy
run: sudo cp go-mmproxy /usr/bin/go-mmproxy

- name: Add net-prefixes.txt
run: echo 192.168.0.0/16 | sudo tee /usr/share/net-prefixes.txt

- name: Install the systemd service
run: |
sudo cp go-mmproxy /usr/bin/go-mmproxy
sudo mkdir /etc/go-mmproxy
echo 192.168.0.0/16 | sudo tee /etc/go-mmproxy/net-prefixes.txt
sudo cp go-mmproxy.service.example /etc/systemd/system/go-mmproxy.service
sudo systemctl daemon-reload
- name: Start go-mmproxy
run: sudo systemctl start go-mmproxy
run: sudo systemctl start go-mmproxy || sudo systemctl status go-mmproxy.service

- name: Check go-mmproxy status
run: systemctl is-active go-mmproxy
23 changes: 14 additions & 9 deletions go-mmproxy.service.example
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,22 @@ After=network.target
[Service]
Type=simple
LimitNOFILE=65535
ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
ExecStartPost=/sbin/ip -6 rule add from ::1/128 iif lo table 123
ExecStartPost=/sbin/ip -6 route add local ::/0 dev lo table 123
ExecStart=/usr/bin/go-mmproxy -4 127.0.0.1:1000 -6 "[::1]:1000" -allowed-subnets /usr/share/net-prefixes.txt -l 0.0.0.0:1234
ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
ExecStopPost=/sbin/ip -6 rule del from ::1/128 iif lo table 123
ExecStopPost=/sbin/ip -6 route del local ::/0 dev lo table 123
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
ExecStartPost=+/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
ExecStartPost=+/sbin/ip route add local 0.0.0.0/0 dev lo table 123
ExecStartPost=+/sbin/ip -6 rule add from ::1/128 iif lo table 123
ExecStartPost=+/sbin/ip -6 route add local ::/0 dev lo table 123
ExecStart=/usr/bin/go-mmproxy -4 127.0.0.1:1000 -6 "[::1]:1000" -allowed-subnets /etc/go-mmproxy/net-prefixes.txt -l 0.0.0.0:1234
ExecStopPost=+/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
ExecStopPost=+/sbin/ip route del local 0.0.0.0/0 dev lo table 123
ExecStopPost=+/sbin/ip -6 rule del from ::1/128 iif lo table 123
ExecStopPost=+/sbin/ip -6 route del local ::/0 dev lo table 123
Restart=on-failure
RestartSec=10s
DynamicUser=yes
ProtectSystem=full
PrivateTmp=true
WorkingDirectory=/tmp

[Install]
WantedBy=multi-user.target

0 comments on commit d2b2b2a

Please sign in to comment.