diff options
Diffstat (limited to '')
-rw-r--r-- | etc/systemd/system/he-ipv6-update.service | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service new file mode 100644 index 0000000..e265b60 --- /dev/null +++ b/etc/systemd/system/he-ipv6-update.service @@ -0,0 +1,26 @@ +[Unit] +Description=Update he-ipv6 tunnel end point +After=network-online.target + +[Service] +Type=oneshot +ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807" +# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries +NoNewPrivileges=yes +PermissionsStartOnly=true +# Prevent access to /dev +PrivateDevices=yes +# Use dedicated /tmp +PrivateTmp=yes +PrivateUsers=true +# Hide user homes +ProtectHome=yes +# Prevent loading or reading kernel modules +ProtectKernelModules=yes +# Prevent altering kernel tunables +ProtectKernelTunables=yes +# strict or full, see docs +ProtectSystem=strict + +[Install] +WantedBy=network-online.target |