From 8646e5a9f885043c1b44eaf8dfc67abb1ded8a95 Mon Sep 17 00:00:00 2001
From: Julian Sutter <jsutter@symbiotip.com>
Date: Fri, 18 Jul 2025 22:11:38 -0700
Subject: [PATCH] Fix cloudflared service to ensure it runs persistently

---
 desktop/ftl.host.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/desktop/ftl.host.nix b/desktop/ftl.host.nix
index 6dc35b9..582a2ab 100644
--- a/desktop/ftl.host.nix
+++ b/desktop/ftl.host.nix
@@ -35,10 +35,19 @@ in {
 
     serviceConfig = {
       ExecStart = "${pkgs.cloudflared}/bin/cloudflared access tcp --hostname ${tunnel.remoteHost} --url ${tunnel.remoteTarget} --port ${toString tunnel.localBindPort} --logfile ${tunnel.logPath}";
+      # The key setting to ensure the service stays running
+      Type = "simple";
       Restart = "always";
       RestartSec = "5s";
-      User = "root";
-      Group = "root";
+      # Configure service to wait for network
+      After = [ "network-online.target" ];
+      Wants = [ "network-online.target" ];
+      # Run as dedicated user for better security
+      DynamicUser = true;
+      # Configure systemd runtime directory
+      RuntimeDirectory = "cloudflared";
+      RuntimeDirectoryMode = "0700";
+      # Standard outputs
       StandardOutput = "journal";
       StandardError = "journal";
     };