From 7fec422f1845e244328a9a3be344617b8c05f398 Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh <rak@rak.ac>
Date: Tue, 19 Jul 2022 11:28:26 -0400
Subject: update systemd config

---
 etc/systemd/network/10-wlp3s0.network     |  1 -
 etc/systemd/network/20-dummy1.network     |  3 +++
 etc/systemd/network/20-dummy3.network     |  3 +++
 etc/systemd/system/he-ipv6-update.service | 19 +++++++++++++++++++
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 etc/systemd/system/he-ipv6-update.service


diff --git a/etc/systemd/network/10-wlp3s0.network b/etc/systemd/network/10-wlp3s0.network
index 87f68cd..65dfd51 100644
--- a/etc/systemd/network/10-wlp3s0.network
+++ b/etc/systemd/network/10-wlp3s0.network
@@ -3,4 +3,3 @@ Name=wlp3s0
 
 [Network]
 DHCP=yes
-# Tunnel=he-ipv6
diff --git a/etc/systemd/network/20-dummy1.network b/etc/systemd/network/20-dummy1.network
index 3ae219e..41bf4be 100644
--- a/etc/systemd/network/20-dummy1.network
+++ b/etc/systemd/network/20-dummy1.network
@@ -1,3 +1,6 @@
 [Match]
 Name=dummy1
 Unmanaged=yes
+
+[Network]
+Domains=~home.arpa
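Review bot: The added `[Network]` block has no comment saying which resolver is meant to answer `home.arpa`, and whether `Domains=~home.arpa` takes effect depends on the `Unmanaged=yes` context line above it. systemd.network documents `Unmanaged=` under `[Link]`, so under `[Match]` it is probably ignored with a warning; if it were moved to `[Link]`, networkd would stop configuring the link and the routing domain would not be applied. No `DNS=` is set in the visible lines, so lookups for `home.arpa` are only routed here if the link gets its DNS servers from somewhere else. I would add a line such as `# route home.arpa lookups to the resolver on this link (DNS servers set by <OTHER_COMPONENT>)` above `Domains=`, and check the result with `resolvectl status dummy1`. The same applies to the identical hunk in `20-dummy3.network`.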
diff --git a/etc/systemd/network/20-dummy3.network b/etc/systemd/network/20-dummy3.network
index 8c3a2e7..e0d4be5 100644
--- a/etc/systemd/network/20-dummy3.network
+++ b/etc/systemd/network/20-dummy3.network
@@ -1,3 +1,6 @@
 [Match]
 Name=dummy3
 Unmanaged=yes
+
+[Network]
+Domains=~home.arpa
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
new file mode 100644
index 0000000..1f379de
--- /dev/null
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Update he-ipv6 tunnel end point
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
+NoNewPrivileges=yes                   # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+PermissionsStartOnly=true
+PrivateDevices=yes                    # Prevent access to /dev
+PrivateTmp=yes                        # Use dedicated /tmp
+PrivateUsers=true
+ProtectHome=yes                       # Hide user homes
+ProtectKernelModules=yes              # Prevent loading or reading kernel modules
+ProtectKernelTunables=yes             # Prevent altering kernel tunables
+ProtectSystem=strict                  # strict or full, see docs
+
+[Install]
+WantedBy=network-online.target
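Review bot: The trailing `# …` comments on the hardening lines (`NoNewPrivileges=`, `PrivateDevices=`, `PrivateTmp=`, `ProtectHome=`, `ProtectKernelModules=`, `ProtectKernelTunables=`, `ProtectSystem=`) are not comments to systemd, which only recognises `#` or `;` at the start of a line. The text becomes part of the value, the value fails to parse, and the setting is ignored with a log warning, so the unit most likely runs without most of the sandboxing it appears to declare. Each comment should move to its own line above its directive, and `systemd-analyze verify` or `systemd-analyze security he-ipv6-update.service` will show what is actually in effect. Separately, the `ExecStart=` URL puts the tunnel-broker credentials in a mode-0644 unit file and on curl's command line, where `systemctl cat` and the process list expose them. Moving the URL and `user:password` into a root-only curl config file passed with `--config` keeps them out of both; the file must live outside the home directories, since `ProtectHome=yes` hides those.

```ini
[Service]
Type=oneshot
# URL and user:password are read from a root-only (0600) curl config file; the path is a placeholder
ExecStart=curl --silent --config <PATH_TO_CURL_CONFIG>
# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
NoNewPrivileges=yes
# … unchanged: PermissionsStartOnly=true …
# Prevent access to /dev
PrivateDevices=yes
# Use dedicated /tmp
PrivateTmp=yes
# … unchanged: PrivateUsers=true …
# Hide user homes
ProtectHome=yes
# Prevent loading or reading kernel modules
ProtectKernelModules=yes
# Prevent altering kernel tunables
ProtectKernelTunables=yes
# strict or full, see docs
ProtectSystem=strict
```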
-- 
cgit v1.2.3