summaryrefslogtreecommitdiff
path: root/roles/linux-ns/files/systemd/dn42_wg@.service
diff options
context:
space:
mode:
Diffstat (limited to 'roles/linux-ns/files/systemd/dn42_wg@.service')
-rw-r--r--roles/linux-ns/files/systemd/dn42_wg@.service5
1 files changed, 3 insertions, 2 deletions
diff --git a/roles/linux-ns/files/systemd/dn42_wg@.service b/roles/linux-ns/files/systemd/dn42_wg@.service
index 16a1ba6..0f67fda 100644
--- a/roles/linux-ns/files/systemd/dn42_wg@.service
+++ b/roles/linux-ns/files/systemd/dn42_wg@.service
@@ -1,5 +1,3 @@
-# wireguard tunnels inside the namespace
-
[Unit]
Description=WireGuard via wg-quick(8) for %I
PartOf=wg-quick.target
@@ -22,6 +20,9 @@ Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
NetworkNamespacePath=/run/netns/dn42
BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-22 21:06:50 +0000