sample rkt service file

wireguard-user.service

@@ -0,0 +1,41 @@
+[Unit]
+# Metadata
+Description=Wireguard Userspace
+Documentation=https://git.zx2c4.com/wireguard-go/about/
+# Wait for networking
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Slice=machine.slice
+# Resource limits
+Delegate=true
+CPUShares=1024
+MemoryLimit=128M
+OOMScoreAdjust=50
+
+ExecStartPre=-/bin/mknod /dev/net/tun c 10 200
+
+#Defaults
+#Environment=WG_INTERFACE=wg0
+#Environment=WG_HOST_INTERFACE=eth0
+#Environment=WG_ADDRESS:-192.168.2.1/24
+
+Environment=ROOT_DIR=/srv/wireguard
+
+Environment=WG_CAPS="CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FSETID,CAP_FOWNER,CAP_MKNOD,CAP_NET_RAW,CAP_SETGID,CAP_SETUID,CAP_SETFCAP,CAP_SETPCAP,CAP_NET_BIND_SERVICE,CAP_SYS_CHROOT,CAP_KILL,CAP_AUDIT_WRITE,CAP_NET_ADMIN,CAP_SYS_ADMIN"
+
+ExecStartPre=/bin/mkdir -p $ROOT_DIR
+
+ExecStart=/usr/bin/rkt --insecure-options=image run --uuid-file-save=${ROOT_DIR}/container.uuid --hostname vpn.shimun.net --dns 8.8.8.8 --dns 9.9.9.9 --dns 1.1.1.1 \
+                        --volume dev-net,kind=host,source=/dev/net/tun --volume volume-etc-wireguard,kind=host,source=${ROOT_DIR},readOnly=false \
+                        --port 51820-udp:51820 repo.shimun.net/shimun/wireguard-user --mount volume=dev-net,target=/dev/net/tun --caps-retain=${WG_CAPS} 
+                        
+ExecStopPost=-/usr/bin/rkt rm --uuid-file=${ROOT_DIR}/container.uuid
+KillMode=mixed
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
+