aboutsummaryrefslogblamecommitdiff
path: root/etc/systemd/system/he-ipv6-update.service
blob: 1f379de84993e5f9a70d912adaf3a4c7b2a45304 (plain) (tree)


















                                                                                                                    
[Unit]
Description=Update he-ipv6 tunnel end point
After=network-online.target

[Service]
Type=oneshot
ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
NoNewPrivileges=yes                   # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
PermissionsStartOnly=true
PrivateDevices=yes                    # Prevent access to /dev
PrivateTmp=yes                        # Use dedicated /tmp
PrivateUsers=true
ProtectHome=yes                       # Hide user homes
ProtectKernelModules=yes              # Prevent loading or reading kernel modules
ProtectKernelTunables=yes             # Prevent altering kernel tunables
ProtectSystem=strict                  # strict or full, see docs

[Install]
WantedBy=network-online.target