mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
775fe13e27
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit de497358b8)
44 lines
1.0 KiB
Desktop File
44 lines
1.0 KiB
Desktop File
[Unit]
|
|
Description=Tailscale node agent
|
|
Documentation=https://tailscale.com/kb/
|
|
Wants=network-pre.target
|
|
After=network-pre.target
|
|
|
|
[Service]
|
|
EnvironmentFile=/etc/default/tailscaled
|
|
ExecStartPre=/usr/sbin/tailscaled --cleanup
|
|
ExecStart=/usr/sbin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port $PORT $FLAGS
|
|
ExecStopPost=/usr/sbin/tailscaled --cleanup
|
|
|
|
Restart=on-failure
|
|
|
|
RuntimeDirectory=tailscale
|
|
RuntimeDirectoryMode=0755
|
|
StateDirectory=tailscale
|
|
StateDirectoryMode=0750
|
|
CacheDirectory=tailscale
|
|
CacheDirectoryMode=0750
|
|
Type=notify
|
|
|
|
DeviceAllow=/dev/net/tun
|
|
DeviceAllow=/dev/null
|
|
DeviceAllow=/dev/random
|
|
DeviceAllow=/dev/urandom
|
|
DevicePolicy=strict
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/etc/
|
|
ReadWritePaths=/run/
|
|
ReadWritePaths=/var/run/
|
|
RestrictSUIDSGID=true
|
|
SystemCallArchitectures=native
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|