openSUSE:Systemd services

Jump to: navigation, search
This page collects systemd services that are firstly created by openSUSE packagers/developers or there're special modifications done for our distribution.

NOTE: You'd better at least check these pages below to make sure there're no ready ones in other distributions using systemd as us do. Because systemd service can cross distributions, we don't need to reinvent the wheels. Basically this page is for packagers/developers from other distributions who want to use our contributions directly.

NOTE AGAIN: The best contribution is to get these services upstreamed. So please at least try once. Working with upstream is not that hard :-)

About how to write systemd services: openSUSE:How to write a systemd service (to be translated from Chinese by marguerite)

please make this page alphabetical, thanks.

Networking

DNS

dnscrypt

# This file is part of dnscrypt
# Author: Marguerite Su <i@marguerite.su>
# Version: 1.2.0
# Description: dnscrypt is a tool developed by OpenDNS company.
#              it aims to encrypt your dns query to OpenDNS to protect from
#              middle-man attack or DNS polution(commonly see in China).
#              it publics free (also redistributes free). 
#              in openSUSE it's licensed under SuSE-Permissive(Non-free ware).
#              details see its documentation.
[Unit]
Description=Secure connection between your computer and DNS resolver(openDNS)
After=network.target

[Service]
Type=forking
PIDFile=/var/run/dnscrypt-proxy.pid
ExecStart=/usr/sbin/dnscrypt-proxy --daemonize \
          -p /var/run/dnscrypt-proxy.pid \
          -l /var/log/dnscrypt-proxy.log
Restart=on-abort

[Install]
WantedBy=multi-user.target

IPv6

He.net

# Author: Marguerite Su <i@marguerite.su>
# Use Case: You registered a He.net IPv6 tunnel, and want it connected automatically
#           without entering commands every startup.
[Unit]
Description=Daemon to start He.net IPv6
Wants=network-online.target
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/ip tunnel add he-ipv6 mode sit \
          remote 66.220.19.42 local 108.171.7.158 ttl 255 ; \
          /usr/sbin/ip link set he-ipv6 up ; \
          /usr/sbin/ip addr add 2001:475:c:1183::2/64 dev he-ipv6 ; \
          /usr/sbin/ip route add ::/0 dev he-ipv6 ; \
          /usr/sbin/ip -6 addr
ExecStop=/usr/sbin/ip route delete ::/0 dev he-ipv6 ; \
         /usr/sbin/ip -6 addr del 2001:475:c:1183::2/64 dev he-ipv6 ; \
         /usr/sbin/ip link set he-ipv6 down ; \
         /usr/sbin/ip tunnel del he-ipv6

[Install]
WantedBy=multi-user.target

Please change the `remote`, `local`, `ipv6` address to your own. This is for openSUSE Chinese forum, so please don't distribute it massively.

VPN

strongswan

Strongswan in openSUSE has already got a systemd service for self startup. This service is used to automatically set up port allowing, masquerading, and forwarding for its configured vistual IP pool using iptables.

# Author: Marguerite Su <i@marguerite.su>
# Use Case: You have a strongswan vpn. You don't want to input iptables commands
#           everytime upon server restart.
[Unit]
Description=Scripts to setup iptables rules for strongswan
Wants=network-online.target
# has to start before strongswan, or it doesn't know the routes.
# so you can connect, but no traffic.
Before=strongswan.service 
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/iptables -A INPUT -p udp --dport 500 -j ACCEPT ; \
          /usr/sbin/iptables -A INPUT -p udp --dport 4500 -j ACCEPT ; \
          /usr/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE ; \
          /usr/sbin/iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT ; \
          /bin/sh -c 'echo -n 1 > /proc/sys/net/ipv4/ip_forward'
ExecStop=/bin/sh -c 'echo -n 0 > /proc/sys/net/ipv4/ip_forward' ; \
         /usr/sbin/iptables -D FORWARD -s 10.0.0.0/24 -j ACCEPT ; \
         /usr/sbin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE ; \
         /usr/sbin/iptables -D INPUT -p udp --dport 4500 -j ACCEPT ; \
         /usr/sbin/iptables -D INPUT -p udp --dport 500 -j ACCEPT

[Install]
WantedBy=multi-user.target

You have to change "10.0.0.0/24" to your _rightsourceip_.