[Unit]
Description=Blocky DNS Resolver
Wants=network-online.target
After=network-online.target

[Service]
User=blocky
Group=blocky

CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

ExecStart=/usr/local/bin/blocky --config /etc/blocky/config.yaml
Restart=always
RestartSec=5s


NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target