mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
fix: use systemd-resolved DNS on boot
In case user configured Wireguard but there are no clients connected, network hooks are never run and no domains can be resolved from the sys-wireguard qube itself, therefore using Qrexec services to resolve DNS in sys-wireguard hooks doesn't work and depended on connected clients. If Wireguard systemd service wasn't run, the nameserver will be empty and that is not a problem. In case user hasn't configured the Wireguard configuration correctly, drop all connections.
This commit is contained in:
parent
14b389655b
commit
80482bfec7
@ -31,6 +31,16 @@ system_conf="/etc/wireguard/wireguard.conf"
|
|||||||
|
|
||||||
qvm-run "$qube" -- "test -f ${user_conf}" || {
|
qvm-run "$qube" -- "test -f ${user_conf}" || {
|
||||||
echo "File '${user_conf}' was not found" >&2
|
echo "File '${user_conf}' was not found" >&2
|
||||||
|
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then
|
||||||
|
qvm-pause --verbose -- "$qube"
|
||||||
|
fi
|
||||||
|
echo "Firewalling $qube to drop all connections"
|
||||||
|
qvm-firewall --verbose -- "$qube" reset
|
||||||
|
qvm-firewall --verbose -- "$qube" del --rule-no 0
|
||||||
|
qvm-firewall --verbose -- "$qube" add drop
|
||||||
|
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then
|
||||||
|
qvm-unpause --verbose -- "$qube"
|
||||||
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,3 +53,5 @@ if test -n "${dns}"; then
|
|||||||
set_nft_dnat "${dns_secondary_ipv}" tcp "${dns_secondary}"
|
set_nft_dnat "${dns_secondary_ipv}" tcp "${dns_secondary}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
|
||||||
|
Loading…
Reference in New Issue
Block a user