From 7239409083860cca5f48e116f5b157f78a25c852 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Thu, 23 Feb 2023 13:52:48 +0200
Subject: [PATCH] conf/systemd/user: add dnsproxy.service
---
conf/systemd/user/dnsproxy.service | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 conf/systemd/user/dnsproxy.service
diff --git a/conf/systemd/user/dnsproxy.service b/conf/systemd/user/dnsproxy.service
new file mode 100644
index 00000000..b4608c3d
--- /dev/null
+++ b/conf/systemd/user/dnsproxy.service
@@ -0,0 +1,23 @@
+# https://github.com/AdguardTeam/dnsproxy
+# SELinux takes an offence against the ExecStart so let's be an user service
+# instead
+
+# DON'T FORGET! loginctl enable-linger USERNAME
+[Unit]
+Description=DNS over HTTPS resolver
+# /etc/resolv.conf -> unbound -> dnsproxy
+After=network-online.target unbound.service
+Wants=unbound.service
+
+[Service]
+Type=simple
+# -v is verbose output, journalctl --user -u dnsproxy
+# 127.0.2.1@53 comes from https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/dnscrypt-proxy.conf
+# and it's not a privileged port https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/sysctl.d/23-starts-unprivileged-ports.conf
+# The DoH server is self-explanatory, bootstrap is Quad9 with ECS
+ExecStart=/home/aminda/src/github.com/AdguardTeam/dnsproxy/dnsproxy -v -l 127.0.2.1 -p 53 -u https://dns0.eu/ -b 149.112.112.11:53 -b 9.9.9.11:53 -b [2620:fe::11]:53 -b [2620:fe::fe:11]:53 --http3
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
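Review bot: `WantedBy=multi-user.target` in `[Install]` will not start this unit, because it is installed under conf/systemd/user and the per-user manager has no multi-user.target; for a user service it should read `WantedBy=default.target`. For the same reason `After=`/`Wants=unbound.service` refer to a unit that lives in the system manager, which a user unit cannot order against or pull in, so the documented resolv.conf -> unbound -> dnsproxy chain is not enforced by these lines. Since port 53 is made bindable through the lowered unprivileged-port sysctl mentioned in the comment, any local account can presumably bind 127.0.2.1:53 whenever dnsproxy is not up (before lingering starts it, or during `RestartSec=5s`) and answer unbound's queries; a system unit with a dedicated user and `AmbientCapabilities=CAP_NET_BIND_SERVICE`, with the binary installed outside the home directory, would avoid depending on that sysctl. `-v` also writes verbose output to the user journal, which likely includes queried names, so it is worth dropping once the setup is verified.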