improve licensing

[distro-setup] / trusted-network

diff --git a/trusted-network b/trusted-network
index c0ed8a5094fcdadd153b291e4461dbf7251b37d2..755fb1f5239dd999f2388471ee6fe09e352eb25b 100755 (executable)
--- a/trusted-network
+++ b/trusted-network
@@ -8,8 +8,6 @@
 
 source /a/bin/bash-bear-trap/bash-bear
 
-readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
-readonly this_dir="${this_file%/*}"
 script_name="${BASH_SOURCE[0]}"
 script_name="${script_name##*/}"
 
@@ -57,13 +55,17 @@ if $trust; then
     fi
   fi
 
-  rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+  # https://github.com/jonathanio/update-systemd-resolved
+  # suggests this will help prevent leakage into a vpn interface
+  cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+Domains=~.
+EOF
 else  #untrusted
   # https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
   cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
 [Resolve]
 DNS=${servers[@]}
-Domains=b8.nz
+Domains=~. b8.nz
 DNSOverTLS=yes
 EOF
 
@@ -88,7 +90,7 @@ fi
 
 
 # wait for networkmanager to come back
-for f in {1..20}; do
+for ((i=0; i<10; i++)); do
   if read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8); then
     break
   fi