update systemd config

4 files changed, 25 insertions, 1 deletions

diff --git a/etc/systemd/network/10-wlp3s0.network b/etc/systemd/network/10-wlp3s0.network
index 87f68cd..65dfd51 100644
--- a/etc/systemd/network/10-wlp3s0.network
+++ b/etc/systemd/network/10-wlp3s0.network
@@ -3,4 +3,3 @@ Name=wlp3s0
 
 [Network]
 DHCP=yes
-# Tunnel=he-ipv6
diff --git a/etc/systemd/network/20-dummy1.network b/etc/systemd/network/20-dummy1.network
index 3ae219e..41bf4be 100644
--- a/etc/systemd/network/20-dummy1.network
+++ b/etc/systemd/network/20-dummy1.network
@@ -1,3 +1,6 @@
 [Match]
 Name=dummy1
 Unmanaged=yes
+
+[Network]
+Domains=~home.arpa
diff --git a/etc/systemd/network/20-dummy3.network b/etc/systemd/network/20-dummy3.network
index 8c3a2e7..e0d4be5 100644
--- a/etc/systemd/network/20-dummy3.network
+++ b/etc/systemd/network/20-dummy3.network
@@ -1,3 +1,6 @@
 [Match]
 Name=dummy3
 Unmanaged=yes
+
+[Network]
+Domains=~home.arpa
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
new file mode 100644
index 0000000..1f379de
--- /dev/null
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Update he-ipv6 tunnel end point
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
+NoNewPrivileges=yes                   # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+PermissionsStartOnly=true
+PrivateDevices=yes                    # Prevent access to /dev
+PrivateTmp=yes                        # Use dedicated /tmp
+PrivateUsers=true
+ProtectHome=yes                       # Hide user homes
+ProtectKernelModules=yes              # Prevent loading or reading kernel modules
+ProtectKernelTunables=yes             # Prevent altering kernel tunables
+ProtectSystem=strict                  # strict or full, see docs
+
+[Install]
+WantedBy=network-online.target