[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-source /a/bin/errhandle/err
+source /a/bin/bash-bear-trap/bash-bear
readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
readonly this_dir="${this_file%/*}"
fi
fi
- rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+ # https://github.com/jonathanio/update-systemd-resolved
+ # suggests this will help prevent leakage into a vpn interface
+ cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+Domains=~.
+EOF
else #untrusted
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
-Domains=b8.nz
+Domains=~. b8.nz
DNSOverTLS=yes
EOF
m ifup $gateway_if
fi
- # at least on systemd 237 ifupdown it sets a global and this is not needed
- systemd-resolve --interface=$gateway_if --revert
+ # At least on systemd 237 ifupdown it sets a global and this is not
+ # needed. we are way past that, but I dont think it hurts.
+ resolvectl revert $gateway_if
else
e $0: no gateway_if found
fi