fix: nostr-vpn service crash on reboot, detect activating state

- Remove ReadWritePaths sandbox (causes namespace error when /run/nostr-vpn
  doesn't exist after reboot — /run is tmpfs)
- Detect both 'active' and 'activating' states in VPN status check

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-07 22:05:08 +01:00
parent 0ecfdd1d01
commit a34075287d
4 changed files with 48 additions and 24 deletions

View File

@@ -16,9 +16,7 @@ RestartSec=10
TimeoutStartSec=30
TimeoutStopSec=10
# Security — runs as root for TUN/WireGuard access
ReadWritePaths=/var/lib/archipelago/nostr-vpn /run/nostr-vpn
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
# No sandbox — runs as root for TUN/WireGuard, needs unrestricted filesystem
# Resource limits
MemoryMax=256M