envoy.service

This unit is provided by:

https://nixos.org/channels/nixos-unstable

Options

[Service]
- AmbientCapabilities=CAP_NET_BIND_SERVICE
- CacheDirectory=envoy
- CapabilityBoundingSet=CAP_NET_BIND_SERVICE
- DynamicUser=yes
- ExecStart=/usr/bin/envoy -c validate-envoy-conf
- LockPersonalityIntroduced in systemd 235=yes
- LogsDirectory=envoy
- PrivateDevicesIntroduced in systemd 209=yes
- PrivateUsers=no
- ProtectClockIntroduced in systemd 245=yes
- ProtectControlGroupsIntroduced in systemd 232=yes
- ProtectHomeIntroduced in systemd 214=yes
- ProtectHostnameIntroduced in systemd 242=yes
- ProtectKernelLogsIntroduced in systemd 244=yes
- ProtectKernelModulesIntroduced in systemd 232=yes
- ProtectKernelTunablesIntroduced in systemd 232=yes
- ProtectProcIntroduced in systemd 247=ptraceable
- ProtectSystemIntroduced in systemd 214=strict
- Restart=no
- RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK AF_XDP
- RestrictNamespacesIntroduced in systemd 233=yes
- RestrictRealtimeIntroduced in systemd 231=yes
- SystemCallArchitectures=native
- SystemCallFilter=~@clock @module @mount @reboot @swap @obsolete @cpu-emulation
- UMask=0066
[Unit]
- After=network-online.target
- Description=Envoy reverse proxy
- Requires=network-online.target

Additionnal notes

Nothing here.