From a8a73c1b91ff5ecffc7731b92882bc6d4f632691 Mon Sep 17 00:00:00 2001
From: Atridad Lahiji <me@atri.dad>
Date: Wed, 1 Apr 2026 09:52:11 -0600
Subject: [PATCH] Update proxy.nix

---
 modules/proxy.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/proxy.nix b/modules/proxy.nix
index 85993e7..34dcfc2 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -56,11 +56,16 @@ let
       wants = [ "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
-        ExecStart = "${pkgs.socat}/bin/socat ${lib.toUpper proto}-LISTEN:${toString port},fork,reuseaddr ${lib.toUpper proto}:${upstream}:${toString port}";
+        ExecStart =
+          if proto == "udp" then
+            "${pkgs.socat}/bin/socat UDP-RECVFROM:${toString port},fork,reuseaddr UDP:${upstream}:${toString port}"
+          else
+            "${pkgs.socat}/bin/socat TCP-LISTEN:${toString port},fork,reuseaddr TCP:${upstream}:${toString port}";
         Restart = "on-failure";
         RestartSec = "5s";
         DynamicUser = true;
         AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
       };
     };