mostly fixes, a few improvements
[distro-setup] / trusted-network
index 894815ebed59fa7aa5588827765807ffb995dd1d..825604e8421e21698b066860f0fb8dfe3807b471 100755 (executable)
@@ -6,7 +6,7 @@
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
-source /a/bin/errhandle/err
+source /a/bin/bash-bear-trap/bash-bear
 
 readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
 readonly this_dir="${this_file%/*}"
@@ -57,13 +57,17 @@ if $trust; then
     fi
   fi
 
-  rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+  # https://github.com/jonathanio/update-systemd-resolved
+  # suggests this will help prevent leakage into a vpn interface
+  cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+Domains=~.
+EOF
 else  #untrusted
   # https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
   cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
 [Resolve]
 DNS=${servers[@]}
-Domains=b8.nz
+Domains=~. b8.nz
 DNSOverTLS=yes
 EOF
 
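Review bot: The new trusted-branch heredoc writes `Domains=~.` with no `[Resolve]` section header, so the only key in that file sits outside any section; systemd's config parser does not apply such assignments (it logs an "Assignment outside of section" warning and ignores the line), which would make the trusted-network file a no-op. The untrusted branch in the same hunk does carry the header, so the two should match: `[Resolve]` as the first line of the heredoc, before `Domains=~.`. The cited update-systemd-resolved project describes `~.` as a routing domain on the VPN link; whether the same string in the global resolved.conf.d drop-in achieves the leak-prevention the comment intends is worth confirming against the resolved.conf(5) notes on global `Domains=`, since the trusted file now sets no `DNS=` of its own. A short comment such as `# [Resolve] is required; keys outside a section are ignored by resolved` would stop the header being dropped again. The enclosing `if $trust` starts before this hunk and the `else` branch continues past it.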
@@ -109,8 +113,9 @@ if [[ $gateway_if ]]; then
     m ifup $gateway_if
   fi
 
-  # at least on systemd 237 ifupdown it sets a global and this is not needed
-  systemd-resolve --interface=$gateway_if --revert
+  # At least on systemd 237 ifupdown it sets a global and this is not
+  # needed. we are way past that, but I dont think it hurts.
+  resolvectl revert $gateway_if
 else
   e $0: no gateway_if found
 fi
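Review bot: The new `resolvectl revert $gateway_if` leaves the interface name unquoted; the surrounding `[[ $gateway_if ]]` guard only ensures it is non-empty, so a value with whitespace or glob characters would still split or expand, and `resolvectl revert "$gateway_if"` is the safe form. The updated comment says the revert "doesn't hurt", but it is not merely cosmetic: it discards any per-link DNS servers and search domains on the gateway interface, which (if the untrusted branch earlier in the file is meant to force queries to the DNS-over-TLS global servers) is presumably the mechanism that prevents a plaintext fallback to the DHCP-supplied resolver, so a comment stating that intent, e.g. `# drop per-link DNS so queries cannot bypass the global resolved config`, would document why the call stays. The `if [[ $gateway_if ]]` block this hunk closes begins before the hunk.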