fix: use systemd-resolved DNS on boot

If the user has configured Wireguard but no clients are connected, the
network hooks never run and no domains can be resolved from the
sys-wireguard qube itself. Resolving DNS through Qrexec services in the
sys-wireguard hooks therefore doesn't work on its own, because it
depended on connected clients.

If Wireguard systemd service wasn't run, the nameserver will be empty
and that is not a problem.

In case user hasn't configured the Wireguard configuration correctly,
drop all connections.
Ben Grande 2024-07-05 12:02:40 +02:00
parent 14b389655b
commit 80482bfec7
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
2 changed files with 12 additions and 0 deletions


@ -31,6 +31,16 @@ system_conf="/etc/wireguard/wireguard.conf"
qvm-run "$qube" -- "test -f ${user_conf}" || { qvm-run "$qube" -- "test -f ${user_conf}" || {
echo "File '${user_conf}' was not found" >&2 echo "File '${user_conf}' was not found" >&2
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then
qvm-pause --verbose -- "$qube"
fi
echo "Firewalling $qube to drop all connections"
qvm-firewall --verbose -- "$qube" reset
qvm-firewall --verbose -- "$qube" del --rule-no 0
qvm-firewall --verbose -- "$qube" add drop
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then
qvm-unpause --verbose -- "$qube"
fi
exit 1 exit 1
} }
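Review bot: The "drop all" fallback can fail open, because the exit status of the three `qvm-firewall` calls is never checked before the qube is unpaused. `reset` appears to restore the default rules (which is why rule 0 is deleted next), so if `del --rule-no 0` or `add drop` fails, `$qube` may resume with those defaults instead of a drop rule. Whether `set -e` is active is not visible in this hunk, and even with it the script would exit leaving the qube paused and the rule set unverified. Consider guarding each call, e.g. `qvm-firewall --verbose -- "$qube" add drop || { echo "Could not apply drop rule, leaving '$qube' paused" >&2; exit 1; }`. The "Firewalling ..." message also goes to stdout, while the error just before it goes to stderr.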


@ -53,3 +53,5 @@ if test -n "${dns}"; then
set_nft_dnat "${dns_secondary_ipv}" tcp "${dns_secondary}" set_nft_dnat "${dns_secondary_ipv}" tcp "${dns_secondary}"
fi fi
fi fi
ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
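Review bot: The new `ln -sf` line needs a comment saying that a dangling link is intentional. The commit message accepts an empty nameserver when the Wireguard service has not run, but nothing in the script says so, and a later maintainer could add a fallback nameserver that sends the qube's own lookups outside the tunnel. Suggested comment above the line: `# Use the resolvconf-managed file for this qube's own DNS; if the tunnel is down the target is missing and lookups fail on purpose.` The commit title names systemd-resolved while the target is under /run/resolvconf, so the comment should also state which service writes that file. Indentation is lost in this view, so I cannot tell whether the line sits inside the `if test -n "${dns}"` block that starts outside the hunk.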