mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 01:21:33 -05:00
Fix unbound config
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
88bcc610a9
commit
0f09f6b5c3
@ -10,7 +10,7 @@ sudo find /etc/apt/sources.list.d -type f -exec sudo sed -i 's/http:/https:/g' {
|
|||||||
|
|
||||||
sudo apt update
|
sudo apt update
|
||||||
sudo apt upgrade -y
|
sudo apt upgrade -y
|
||||||
sudo apt install -y --no-install-recommends tuned unbound ufw
|
sudo apt install -y --no-install-recommends tuned unbound resolvconf ufw
|
||||||
|
|
||||||
sudo ufw enable
|
sudo ufw enable
|
||||||
sudo ufw allow 22/tcp
|
sudo ufw allow 22/tcp
|
||||||
@ -20,6 +20,7 @@ sudo tuned-adm profile virtual-guest
|
|||||||
echo 'server:
|
echo 'server:
|
||||||
trust-anchor-signaling: yes
|
trust-anchor-signaling: yes
|
||||||
root-key-sentinel: yes
|
root-key-sentinel: yes
|
||||||
|
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
hide-identity: yes
|
hide-identity: yes
|
||||||
hide-trustanchor: yes
|
hide-trustanchor: yes
|
||||||
@ -86,6 +87,7 @@ BindReadOnlyPaths=-/dev/urandom:@UNBOUND_CHROOT_DIR@/dev/urandom
|
|||||||
BindPaths=-/dev/log:@UNBOUND_CHROOT_DIR@/dev/log' | sudo tee /etc/systemd/system/unbound.service.d/override.conf
|
BindPaths=-/dev/log:@UNBOUND_CHROOT_DIR@/dev/log' | sudo tee /etc/systemd/system/unbound.service.d/override.conf
|
||||||
|
|
||||||
sudo systemctl restart unbound
|
sudo systemctl restart unbound
|
||||||
|
sudo systemctl disable --now systemd-resolved
|
||||||
|
|
||||||
sudo mkdir -p /etc/systemd/system/sshd.service.d
|
sudo mkdir -p /etc/systemd/system/sshd.service.d
|
||||||
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf
|
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf
|
||||||
@ -107,4 +109,4 @@ sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/s
|
|||||||
echo "* hard core 0" | tee -a /etc/security/limits.conf
|
echo "* hard core 0" | tee -a /etc/security/limits.conf
|
||||||
|
|
||||||
# Enable fstrim.timer
|
# Enable fstrim.timer
|
||||||
sudo ystemctl enable --now fstrim.timer
|
sudo ystemctl enable --now fstrim.timer
|
||||||
|
Loading…
Reference in New Issue
Block a user