added global anytun systemd targed, improved device file handling

5 files changed, 27 insertions, 9 deletions

diff --git a/.gitignore b/.gitignore
index 80bc480..99d752f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
-lib
-vendor
 contrib/boost-w32
 contrib/openssl-w32
 contrib/anytun-w32
diff --git a/src/Makefile b/src/Makefile
index 6f31e4a..d54ff0e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -310,14 +310,15 @@ install-etc:
 
 install-systemd:
 	$(INSTALL) -d $(DESTDIR)$(SYSTEMDDIR)
-	$(INSTALL) -d $(DESTDIR)$(TMPFILESDDIR)
+	$(INSTALL) -m 644 ../usr/lib/systemd/system/anytun.service $(DESTDIR)$(SYSTEMDDIR)/anytun.service
 	@ sed -e 's#/usr/local/lib/#$(LIBDIR)/#' ../usr/lib/systemd/system/anytun@.service > ../usr/lib/systemd/system/anytun@.service.bak
 	@ sed -e 's#/usr/local/lib/#$(LIBDIR)/#' ../usr/lib/systemd/system/anytun-control@.service > ../usr/lib/systemd/system/anytun-control@.service.bak
 	$(INSTALL) -m 644 ../usr/lib/systemd/system/anytun@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun@.service
 	$(INSTALL) -m 644 ../usr/lib/systemd/system/anytun-control@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun-control@.service
-	$(INSTALL) -m 644 ../usr/lib/tmpfiles.d/anytun.conf $(DESTDIR)$(TMPFILESDDIR)/anytun.conf
 	rm -f ../usr/lib/systemd/system/anytun@.service.bak
 	rm -f ../usr/lib/systemd/system/anytun-control@.service.bak
+	$(INSTALL) -d $(DESTDIR)$(TMPFILESDDIR)
+	$(INSTALL) -m 644 ../usr/lib/tmpfiles.d/anytun.conf $(DESTDIR)$(TMPFILESDDIR)/anytun.conf
 
 install-examples:
 	$(INSTALL) -d $(DESTDIR)$(EXAMPLESDIR)/anytun
@@ -369,6 +370,7 @@ remove-etc:
 	rm -f $(DESTDIR)$(ETCDIR)/init.d/anytun
 
 remove-systemd:
+	rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun.service
 	rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun@.service
 	rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun-control@.service
 	rm -f $(DESTDIR)$(TMPFILESDDIR)/anytun.conf
diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service
index e8a2289..4a4fd5e 100644
--- a/usr/lib/systemd/system/anytun-control@.service
+++ b/usr/lib/systemd/system/anytun-control@.service
@@ -1,7 +1,9 @@
 [Unit]
-Description=secure anycast tunneling config daemon
-After=syslog.target network.target
+Description=secure anycast tunneling config daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
 Requires=anytun@%i.service
+Documentation=man:anytun-controld(8)
 
 [Service]
 Type=simple
diff --git a/usr/lib/systemd/system/anytun.service b/usr/lib/systemd/system/anytun.service
new file mode 100644
index 0000000..46386f4
--- /dev/null
+++ b/usr/lib/systemd/system/anytun.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Anytun Service
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+WorkingDirectory=/etc/anytun
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 70fbd17..4b09163 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -1,6 +1,8 @@
 [Unit]
-Description=secure anycast tunneling daemon
-After=syslog.target network.target
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
+Documentation=man:anytun(8)
 
 [Service]
 Type=simple
@@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
 ExecStart=/usr/local/lib/anytun-launcher vpn
 Restart=on-failure
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target