From 51b69224c7e4bf3819dcb260f59e684c3b297cc9 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 9 Feb 2025 14:01:10 +0100
Subject: Update service files

restrictions
---
 roles/linux-ns/files/systemd/dn42_bird-lgproxy.service | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'roles/linux-ns/files/systemd/dn42_bird-lgproxy.service')

diff --git a/roles/linux-ns/files/systemd/dn42_bird-lgproxy.service b/roles/linux-ns/files/systemd/dn42_bird-lgproxy.service
index cc48ffb..273ab16 100644
--- a/roles/linux-ns/files/systemd/dn42_bird-lgproxy.service
+++ b/roles/linux-ns/files/systemd/dn42_bird-lgproxy.service
@@ -1,19 +1,22 @@
-# bird-lgproxy service for DN42
-
 [Unit]
 Description=Run Bird Looking Glass Proxy
-Requires=network-online.target bird.service
+Requires=network-online.target dn42_bird.service
 After=network-online.target dn42_bird.service
 After=dn42_namespace.service
 Requires=dn42_namespace.service
 
 [Service]
 ExecStart=/bin/bash /home/lgproxy/start.sh
+BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
 User=lgproxy
 WorkingDirectory=/home/lgproxy/
 Environment="LGPROXY_PORT=6042"
 Environment="LGPROXY_CONFIG_FILE=/home/lgproxy/lgp/lgproxy-dn42.cfg"
 NetworkNamespacePath=/run/netns/dn42
+Type=exec
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
 
 [Install]
 WantedBy=default.target
-- 
cgit v1.2.3