1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00

Add dnat-to-ns-boot.service for IVPN

This commit is contained in:
Tommy 2024-12-23 03:53:05 -07:00 committed by GitHub
parent 6e98b40914
commit a74a4f70c8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -59,6 +59,22 @@ Unit=dnat-to-ns.service
WantedBy=multi-user.target
```
- `/etc/systemd/system/dnat-to-ns-boot.service`
```
[Unit]
Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns
StartLimitIntervalSec=0
[Service]
Type=oneshot
ExecStart=sleep 10
ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
[Install]
WantedBy=multi-user.target
```
Create `/etc/systemd/system/systemd-resolved.conf.d/override.conf` to disable rate limiting on systemd-resolved restarting:
```
@ -66,10 +82,11 @@ Create `/etc/systemd/system/systemd-resolved.conf.d/override.conf` to disable ra
StartLimitIntervalSec=0
```
Next, enable the systemd path:
Next, enable the systemd path and service to run at boot:
```bash
sudo systemctl enable dnat-to-ns.path
sudo systemctl enable dnat-to-ns-boot.service
```
Finally, shut down the TemplateVM: