pi-hole/advanced/pihole-FTL.systemd

[Unit]
Description=Pi-hole FTLDNS
; This unit is supposed to indicate when network functionality is available, but it is only
; very weakly defined what that is supposed to mean, with one exception: at shutdown, a unit
; that is ordered after network.target will be stopped before the network
After=network.target
; A target that should be used as synchronization point for all host/network name service lookups.
; All services for which the availability of full host/network name resolution is essential should
; be ordered after this target, but not pull it in.
Wants=nss-lookup.target
Before=nss-lookup.target

[Service]
Restart=on-abnormal
User=pihole
Group=pihole
PermissionsStartOnly=true

Type=forking
PIDFile=/run/pihole-FTL.pid

ExecStartPre=/bin/touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
ExecStartPre=/bin/mkdir -p /var/run/pihole /var/log/pihole
ExecStartPre=/bin/chown pihole:pihole /var/run/pihole /var/log/pihole
ExecStartPre=-/bin/rm /var/run/pihole/FTL.sock
ExecStartPre=/bin/chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
ExecStartPre=/bin/chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
ExecStartPre=/bin/echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL

ExecStart=/usr/bin/pihole-FTL
RestartSec=30s
ExecReload=/bin/kill -HUP $MAINPID

; Use graceful shutdown with a reasonable timeout
TimeoutStopSec=10s

; Make /usr, /boot, /etc and possibly some more folders read-only...
ProtectSystem=full
; ... except /etc/pihole
; This merely retains r/w access rights, it does not add any new.
; Must still be writable on the host!
ReadWriteDirectories=/etc/pihole

[Install]
WantedBy=multi-user.target