From 7fec422f1845e244328a9a3be344617b8c05f398 Mon Sep 17 00:00:00 2001 From: Ryan Kavanagh Date: Tue, 19 Jul 2022 11:28:26 -0400 Subject: update systemd config --- etc/systemd/system/he-ipv6-update.service | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 etc/systemd/system/he-ipv6-update.service (limited to 'etc/systemd/system/he-ipv6-update.service') diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service new file mode 100644 index 0000000..1f379de --- /dev/null +++ b/etc/systemd/system/he-ipv6-update.service @@ -0,0 +1,19 @@ +[Unit] +Description=Update he-ipv6 tunnel end point +After=network-online.target + +[Service] +Type=oneshot +ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358" +NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries +PermissionsStartOnly=true +PrivateDevices=yes # Prevent access to /dev +PrivateTmp=yes # Use dedicated /tmp +PrivateUsers=true +ProtectHome=yes # Hide user homes +ProtectKernelModules=yes # Prevent loading or reading kernel modules +ProtectKernelTunables=yes # Prevent altering kernel tunables +ProtectSystem=strict # strict or full, see docs + +[Install] +WantedBy=network-online.target -- cgit v1.2.3