From 4155fd8bd0a0f57cca7b155e1bda2975aefc99b7 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Fri, 11 Jul 2025 11:14:18 +0300
Subject: [PATCH] systemd/socketd.d: fix dualstack binds for sshd & oidentd
---
etc/systemd/system/oidentd.socket.d/dualstack-bind.conf | 1 +
.../override.conf => socket.d/dualstack-bind.conf} | 0
etc/systemd/system/ssh.socket.d/dualstack-bind.conf | 1 +
etc/systemd/system/sshd.socket.d/dualstack-bind.conf | 1 +
install | 7 ++++++-
5 files changed, 9 insertions(+), 1 deletion(-)
create mode 120000 etc/systemd/system/oidentd.socket.d/dualstack-bind.conf
rename etc/systemd/system/{oidentd.socket.d/override.conf => socket.d/dualstack-bind.conf} (100%)
create mode 120000 etc/systemd/system/ssh.socket.d/dualstack-bind.conf
create mode 120000 etc/systemd/system/sshd.socket.d/dualstack-bind.conf
diff --git a/etc/systemd/system/oidentd.socket.d/dualstack-bind.conf b/etc/systemd/system/oidentd.socket.d/dualstack-bind.conf
new file mode 120000
index 00000000..9f6f2492
--- /dev/null
+++ b/etc/systemd/system/oidentd.socket.d/dualstack-bind.conf
@@ -0,0 +1 @@
+../socket.d/dualstack-bind.conf
\ No newline at end of file
diff --git a/etc/systemd/system/oidentd.socket.d/override.conf b/etc/systemd/system/socket.d/dualstack-bind.conf
similarity index 100%
rename from etc/systemd/system/oidentd.socket.d/override.conf
rename to etc/systemd/system/socket.d/dualstack-bind.conf
diff --git a/etc/systemd/system/ssh.socket.d/dualstack-bind.conf b/etc/systemd/system/ssh.socket.d/dualstack-bind.conf
new file mode 120000
index 00000000..9f6f2492
--- /dev/null
+++ b/etc/systemd/system/ssh.socket.d/dualstack-bind.conf
@@ -0,0 +1 @@
+../socket.d/dualstack-bind.conf
\ No newline at end of file
diff --git a/etc/systemd/system/sshd.socket.d/dualstack-bind.conf b/etc/systemd/system/sshd.socket.d/dualstack-bind.conf
new file mode 120000
index 00000000..9f6f2492
--- /dev/null
+++ b/etc/systemd/system/sshd.socket.d/dualstack-bind.conf
@@ -0,0 +1 @@
+../socket.d/dualstack-bind.conf
\ No newline at end of file
diff --git a/install b/install
index b381877b..39617d72 100755
--- a/install
+++ b/install
@@ -170,18 +170,23 @@ if [ "$(id -u)" == "0" ]; then cp -v etc/systemd/system/app.slice.d/90-cpuquota.conf /etc/systemd/system/app.slice.d/90-cpuquota.conf mkdir -vp /etc/systemd/{coredump,login,oomd,journald,resolved,system,timesyncd}.conf.d/ cp -v etc/systemd/oomd.conf.d/20-oomd.conf /etc/systemd/oomd.conf.d/20-oomd.conf - mkdir -vp /etc/systemd/system/{ssh,sshd,sshguard,systemd-resolved,systemd-networkd,NetworkManager,iwd,unbound,tor,yggdrasil}.service.d/ + mkdir -vp /etc/systemd/system/{ssh,sshd,sshguard,systemd-resolved,systemd-networkd,NetworkManager,iwd,unbound,tor,oidentd,yggdrasil}.service.d/ + mkdir -vp /etc/systemd/system/{ssh,sshd,oidentd}.socket.d/ # SECURITY WARNING! cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/ssh.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/sshd.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/sshguard.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/systemd-resolved.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/systemd-networkd.service.d/ + cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/oidentd.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/NetworkManager.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/iwd.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/unbound.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/tor.service.d/ cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/yggdrasil.service.d/ + cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/ssh.socket.d/ + cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/sshd.socket.d/ + cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/oidentd.socket.d/ if hash systemctl 2> 
/dev/null; then systemctl daemon-reload
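Review bot: The three added `cp -v etc/systemd/system/socket.d/dualstack-bind.conf ...` lines install the socket drop-in unconditionally, and the only follow-up visible in this hunk is `systemctl daemon-reload`, which reloads unit files but does not re-bind a socket unit that is already listening. The new listen configuration therefore presumably takes effect only once `ssh.socket`, `sshd.socket` and `oidentd.socket` are restarted; a comment saying so would help, e.g. `# socket drop-ins apply after the .socket units are restarted, not on daemon-reload`. Since the drop-in's contents are not shown (pure rename), it is worth confirming that IPv6 firewall and sshguard coverage matches IPv4 before sshd listens on both stacks. The added `never-fail.conf` copy for `oidentd.service.d` also sits under the bare `# SECURITY WARNING!` comment, which still does not say what the risk is; one line stating what that drop-in changes would make the warning actionable. The `if hash systemctl` block continues outside the hunk.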