aboutsummaryrefslogtreecommitdiff
path: root/etc/systemd/system
diff options
context:
space:
mode:
authorRyan Kavanagh <rak@rak.ac>2023-01-03 12:17:53 -0500
committerRyan Kavanagh <rak@rak.ac>2023-01-03 12:17:53 -0500
commitf97420d43818388244988bb380dcc72c3b82a74d (patch)
treefed2c8cd14149e47dbd1ae586c3bb8062f22878c /etc/systemd/system
parentSavehooks (diff)
new he tunnel
Diffstat (limited to '')
-rw-r--r--etc/systemd/system/he-ipv6-update.service23
1 files changed, 15 insertions, 8 deletions
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
index 1f379de..e265b60 100644
--- a/etc/systemd/system/he-ipv6-update.service
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -4,16 +4,23 @@ After=network-online.target
[Service]
Type=oneshot
-ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
-NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807"
+# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+NoNewPrivileges=yes
PermissionsStartOnly=true
-PrivateDevices=yes # Prevent access to /dev
-PrivateTmp=yes # Use dedicated /tmp
+# Prevent access to /dev
+PrivateDevices=yes
+# Use dedicated /tmp
+PrivateTmp=yes
PrivateUsers=true
-ProtectHome=yes # Hide user homes
-ProtectKernelModules=yes # Prevent loading or reading kernel modules
-ProtectKernelTunables=yes # Prevent altering kernel tunables
-ProtectSystem=strict # strict or full, see docs
+# Hide user homes
+ProtectHome=yes
+# Prevent loading or reading kernel modules
+ProtectKernelModules=yes
+# Prevent altering kernel tunables
+ProtectKernelTunables=yes
+# strict or full, see docs
+ProtectSystem=strict
[Install]
WantedBy=network-online.target