author | Ryan Kavanagh <rak@rak.ac> | 2023-01-03 12:17:53 -0500 |
---|---|---|
committer | Ryan Kavanagh <rak@rak.ac> | 2023-01-03 12:17:53 -0500 |
commit | f97420d43818388244988bb380dcc72c3b82a74d (patch) | |
tree | fed2c8cd14149e47dbd1ae586c3bb8062f22878c /etc/systemd/system | |
parent | Savehooks (diff) |
new he tunnel
Diffstat (limited to '')
-rw-r--r-- | etc/systemd/system/he-ipv6-update.service | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
index 1f379de..e265b60 100644
--- a/etc/systemd/system/he-ipv6-update.service
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -4,16 +4,23 @@ After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
-NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807"
+# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+NoNewPrivileges=yes
 PermissionsStartOnly=true
-PrivateDevices=yes # Prevent access to /dev
-PrivateTmp=yes # Use dedicated /tmp
+# Prevent access to /dev
+PrivateDevices=yes
+# Use dedicated /tmp
+PrivateTmp=yes
 PrivateUsers=true
-ProtectHome=yes # Hide user homes
-ProtectKernelModules=yes # Prevent loading or reading kernel modules
-ProtectKernelTunables=yes # Prevent altering kernel tunables
-ProtectSystem=strict # strict or full, see docs
+# Hide user homes
+ProtectHome=yes
+# Prevent loading or reading kernel modules
+ProtectKernelModules=yes
+# Prevent altering kernel tunables
+ProtectKernelTunables=yes
+# strict or full, see docs
+ProtectSystem=strict
 
 [Install]
 WantedBy=network-online.target |
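Review bot: The new `ExecStart=` line still carries the tunnel broker credentials inside the URL, so in the deployed copy (where `USERNAME:PASSWORD` is presumably replaced with real values) they sit in a unit file the diffstat shows as `-rw-r--r--` and appear in curl's argument list for any local user who can list processes. Moving them to a root-only file keeps them out of both places, for example `ExecStart=curl --silent --fail --netrc-file <PATH_TO_0600_NETRC> "https://ipv4.tunnelbroker.net/nic/update?hostname=801807"`, where the path is a placeholder. The added `--fail` makes the oneshot unit exit non-zero when the endpoint answers with an HTTP error, which `--silent` alone hides. No `User=` or `DynamicUser=` is visible in this hunk, so the request appears to run as root; the `[Unit]` section is outside the hunk and was not reviewed.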