qusal/salt/sys-syncthing/files/client/systemd/qubes-syncthing-forwarder.service

## SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.org>
## SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
##
## SPDX-License-Identifier: AGPL-3.0-or-later

[Unit]
Description=Syncthing over Qrexec
After=qubes-sysinit.service
After=qubes-qrexec-agent.service
ConditionPathExists=/var/run/qubes-service/syncthing-setup

[Service]
ExecStart=/usr/bin/socat TCP4-LISTEN:22001,reuseaddr,fork,end-close EXEC:"qrexec-client-vm @default qusal.Syncthing"
Restart=on-failure
RestartSec=3

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
chore: add copyright to systemd services 2024-06-24 11:44:35 -04:00			`## SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.org>`
			`## SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>`
			`##`
			`## SPDX-License-Identifier: AGPL-3.0-or-later`
refactor: initial commit 2023-11-13 09:33:28 -05:00
			`[Unit]`
			`Description=Syncthing over Qrexec`
fix: start service after Qubes Service setup 2024-06-19 12:08:20 -04:00			`After=qubes-sysinit.service`
refactor: initial commit 2023-11-13 09:33:28 -05:00			`After=qubes-qrexec-agent.service`
			`ConditionPathExists=/var/run/qubes-service/syncthing-setup`

			`[Service]`
			`ExecStart=/usr/bin/socat TCP4-LISTEN:22001,reuseaddr,fork,end-close EXEC:"qrexec-client-vm @default qusal.Syncthing"`
			`Restart=on-failure`
			`RestartSec=3`

			`# Hardening`
			`ProtectSystem=full`
			`PrivateTmp=true`
			`SystemCallArchitectures=native`
			`MemoryDenyWriteExecute=true`
			`NoNewPrivileges=true`

			`[Install]`
			`WantedBy=multi-user.target`