mainly fix vpn dns issue

diff --git a/brc2 b/brc2
index 6effa21c788e939e514c7a1c17887bae135c9bea..9c941fec155146f664ce3a5b5f4d6cf7f556474d 100644 (file)
--- a/brc2
+++ b/brc2
@@ -630,6 +630,9 @@ digme() {
   digdiff @ns{1,2}.iankelling.org "$@"
 }
 
+tsr() { # ts run
+  "$@" |& ts || return $?
+}
 
 dup() {
   local ran_d
@@ -638,20 +641,20 @@ dup() {
   case $PS1 in
     *[\ \]]D\ *)
       pushd /
-      /b/ds/distro-begin || return $?
-      /b/ds/distro-end || return $?
+      /b/ds/distro-begin |& ts || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&
     *[\ \]]DB\ *)
       pushd /
-      /b/ds/distro-begin || return $?
+      /b/ds/distro-begin |& ts || return $?
       popd
       ran_d=true
       ;;
     *[\ \]]DE\ *)
       pushd /
-      /b/ds/distro-end || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&

diff --git a/distro-end b/distro-end
index 8dba035c6f7a19b1349696b4ec587d21cf8ed452..7f2f371f9d0592b309914fa9d164a2352d083b47 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -577,12 +577,13 @@ if [[ -e /etc/wireguard/wghole.conf ]]; then
   if [[ ! -e /etc/systemd/system/wg-quick@wghole.service.d/override.conf ]]; then
     reload=true
   fi
+  sudo mkdir -p /etc/systemd/system/wg-quick@wghole.service.d
   sd /etc/systemd/system/wg-quick@wghole.service.d/override.conf <<'EOF'
 [Unit]
 StartLimitIntervalSec=0
 
 [Service]
-Restart=always
+Restart=on-failure
 RestartSec=20
 EOF
   if $reload; then ser daemon-reload; fi

diff --git a/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf b/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf
new file mode 100644 (file)
index 0000000..665303c
--- /dev/null
+++ b/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf
@@ -0,0 +1,5 @@
+[Service]
+# uncomment to debug
+#Environment=SYSTEMD_LOG_LEVEL=debug
+
+ExecStartPost=/a/bin/ds/fixvpndns

diff --git a/filesystem/etc/systemd/systemd-resolved.service.d/override.conf b/filesystem/etc/systemd/systemd-resolved.service.d/override.conf
deleted file mode 100644 (file)
index a9d504d..0000000
--- a/filesystem/etc/systemd/systemd-resolved.service.d/override.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# uncomment for debugging
-#[Service]
-#Environment=SYSTEMD_LOG_LEVEL=debug

diff --git a/fixvpndns b/fixvpndns
new file mode 100755 (executable)
index 0000000..30e0725
--- /dev/null
+++ b/fixvpndns
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+source /a/bin/errhandle/err
+
+resolvuid=$(id -u systemd-resolve)
+case $EUID in
+  0|$resolvuid) : ;;
+  *) exec sudo -E "${BASH_SOURCE[0]}" "$@" ;;
+esac
+
+
+if ! resolvectl dnsovertls tunfsf &>/dev/null; then
+  echo failed resolvectl dnsovertls tunfsf. rerunning:
+  resolvectl dnsovertls tunfsf
+  exit 0
+fi
+read _ link _ < <(resolvectl dnsovertls tunfsf)
+busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager SetLinkDNSOverTLS is $link no

diff --git a/mail-setup b/mail-setup
index 5c5ccae88509f5b3f27badec8d96c92eefb94bad..ee758faec98250d53e22f6740ec89ef581eecead 100755 (executable)
--- a/mail-setup
+++ b/mail-setup
@@ -492,11 +492,15 @@ Requires=mailnn.service
 After=network.target mailnn.service
 JoinsNamespaceOf=mailnn.service
 BindsTo=mailnn.service
+StartLimitIntervalSec=0
 
 [Service]
 PrivateNetwork=true
 # i dont think we need any of these, but it doesnt hurt to stay consistent
 BindPaths=$bindpaths
+
+Restart=on-failure
+RestartSec=20
 EOF
     ;;
 esac