minor improvements
[distro-setup]
/
trusted-network
diff --git
a/trusted-network
b/trusted-network
index f396803b72043467f97b64bf86688e6a96c79acf..825604e8421e21698b066860f0fb8dfe3807b471 100755
(executable)
--- a/
trusted-network
+++ b/
trusted-network
@@
-6,7
+6,7
@@
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-source /a/bin/
errhandle/er
r
+source /a/bin/
bash-bear-trap/bash-bea
r
readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
readonly this_dir="${this_file%/*}"
readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
readonly this_dir="${this_file%/*}"
@@
-57,13
+57,17
@@
if $trust; then
fi
fi
fi
fi
- rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+ # https://github.com/jonathanio/update-systemd-resolved
+ # suggests this will help prevent leakage into a vpn interface
+ cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+Domains=~.
+EOF
else #untrusted
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
else #untrusted
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
-Domains=b8.nz
+Domains=
~.
b8.nz
DNSOverTLS=yes
EOF
DNSOverTLS=yes
EOF
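Review bot: The heredoc added in the trusted branch writes only `Domains=~.` with no `[Resolve]` section header, unlike the untrusted branch's drop-in. systemd's config parser ignores assignments that appear outside a section, so the intended protection against DNS queries leaking to a VPN interface would most likely never take effect. Make `[Resolve]` the first line of that heredoc, and quote the delimiter (`<<'EOF'`), since nothing in it needs expansion. The hunk does not show whether systemd-resolved is restarted afterwards, so confirm the result with `resolvectl status` once it is. The enclosing `if $trust` block starts outside the hunk.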