From: Ian Kelling Date: Wed, 16 Feb 2022 21:14:45 +0000 (-0500) Subject: mainly fix vpn dns issue X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=a108e4b381c380c0bc6be19f31f4f1d6d7d7b118;p=distro-setup mainly fix vpn dns issue --- diff --git a/brc2 b/brc2 index 6effa21..9c941fe 100644 --- a/brc2 +++ b/brc2 @@ -630,6 +630,9 @@ digme() { digdiff @ns{1,2}.iankelling.org "$@" } +tsr() { # ts run + "$@" |& ts || return $? +} dup() { local ran_d @@ -638,20 +641,20 @@ dup() { case $PS1 in *[\ \]]D\ *) pushd / - /b/ds/distro-begin || return $? - /b/ds/distro-end || return $? + /b/ds/distro-begin |& ts || return $? + /b/ds/distro-end |& ts || return $? popd ran_d=true ;;& *[\ \]]DB\ *) pushd / - /b/ds/distro-begin || return $? + /b/ds/distro-begin |& ts || return $? popd ran_d=true ;; *[\ \]]DE\ *) pushd / - /b/ds/distro-end || return $? + /b/ds/distro-end |& ts || return $? popd ran_d=true ;;& diff --git a/distro-end b/distro-end index 8dba035..7f2f371 100755 --- a/distro-end +++ b/distro-end @@ -577,12 +577,13 @@ if [[ -e /etc/wireguard/wghole.conf ]]; then if [[ ! -e /etc/systemd/system/wg-quick@wghole.service.d/override.conf ]]; then reload=true fi + sudo mkdir -p /etc/systemd/system/wg-quick@wghole.service.d sd /etc/systemd/system/wg-quick@wghole.service.d/override.conf <<'EOF' [Unit] StartLimitIntervalSec=0 [Service] -Restart=always +Restart=on-failure RestartSec=20 EOF if $reload; then ser daemon-reload; fi diff --git a/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf b/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf new file mode 100644 index 0000000..665303c --- /dev/null +++ b/filesystem/etc/systemd/system/systemd-resolved.service.d/override.conf @@ -0,0 +1,5 @@ +[Service] +# uncomment to debug +#Environment=SYSTEMD_LOG_LEVEL=debug + +ExecStartPost=/a/bin/ds/fixvpndns diff --git a/filesystem/etc/systemd/systemd-resolved.service.d/override.conf b/filesystem/etc/systemd/systemd-resolved.service.d/override.conf deleted file mode 100644 index a9d504d..0000000 --- a/filesystem/etc/systemd/systemd-resolved.service.d/override.conf +++ /dev/null @@ -1,3 +0,0 @@ -# uncomment for debugging -#[Service] -#Environment=SYSTEMD_LOG_LEVEL=debug diff --git a/fixvpndns b/fixvpndns new file mode 100755 index 0000000..30e0725 --- /dev/null +++ b/fixvpndns @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright (C) 2019 Ian Kelling +# SPDX-License-Identifier: AGPL-3.0-or-later +source /a/bin/errhandle/err + +resolvuid=$(id -u systemd-resolve) +case $EUID in + 0|$resolvuid) : ;; + *) exec sudo -E "${BASH_SOURCE[0]}" "$@" ;; +esac + + +if ! resolvectl dnsovertls tunfsf &>/dev/null; then + echo failed resolvectl dnsovertls tunfsf. rerunning: + resolvectl dnsovertls tunfsf + exit 0 +fi +read _ link _ < <(resolvectl dnsovertls tunfsf) +busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager SetLinkDNSOverTLS is $link no diff --git a/mail-setup b/mail-setup index 5c5ccae..ee758fa 100755 --- a/mail-setup +++ b/mail-setup @@ -492,11 +492,15 @@ Requires=mailnn.service After=network.target mailnn.service JoinsNamespaceOf=mailnn.service BindsTo=mailnn.service +StartLimitIntervalSec=0 [Service] PrivateNetwork=true # i dont think we need any of these, but it doesnt hurt to stay consistent BindPaths=$bindpaths + +Restart=on-failure +RestartSec=20 EOF ;; esac