Workaround for unbound-keygen

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-05-06 23:47:45 -07:00
parent 2e0f0719cd
commit f6751a1597
No known key found for this signature in database
GPG Key ID: 555C902A34EC968F
2 changed files with 2 additions and 1 deletions

View File

@ -232,7 +232,7 @@
"name": "postinst.service" "name": "postinst.service"
}, },
{ {
"contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' \u003e /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client\nExecStart=/usr/bin/touch /var/lib/%N.stamp\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n", "contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' \u003e /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client\nExecStart=/usr/bin/rm /etc/unbound/unbound_control.key\nExecStart=/usr/bin/touch /var/lib/%N.stamp\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true, "enabled": true,
"name": "postinst2.service" "name": "postinst2.service"
}, },

View File

@ -81,6 +81,7 @@ systemd:
ExecStart=/usr/bin/firewall-cmd --lockdown-on ExecStart=/usr/bin/firewall-cmd --lockdown-on
ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds
ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client
ExecStart=/usr/bin/rm /etc/unbound/unbound_control.key
ExecStart=/usr/bin/touch /var/lib/%N.stamp ExecStart=/usr/bin/touch /var/lib/%N.stamp
ExecStart=/usr/bin/systemctl --no-block reboot ExecStart=/usr/bin/systemctl --no-block reboot