@stvhay
stvhay / wg-setup-namespace.md
Last active December 4, 2022 07:09
Set up WireGuard with a network namespace such that you can specify what processes tunnel.

Synology/wg

To avoid some bugs in wg-quick and/or iptables on my Synology:

  1. I set up the WireGuard device manually.
  2. I used network namespaces to create an explicit tunnel namespace. I then specified DNS for this namespace only.

Credit where credit is due. I got this idea from the WireGuard website: https://www.wireguard.com/netns/#the-new-namespace-solution

@zenofile
zenofile / wg-netns
Last active May 3, 2024 16:55
wg-quick-like script with namespace support
#!/usr/bin/bash
# configuration matches the wg-quick specifications
# manual invocation:
# $ sudo wg-netns vpn-1
# via systemd:
# $ sudo systemctl start [email protected]
# examples:
@zenofile
zenofile / systemd_service_hardening.md
Created May 14, 2021 21:32 — forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@joshuaboniface
joshuaboniface / steam-headless-systemd.md
Last active February 22, 2025 18:24
Running Steam headless under Systemd

Initial setup guide:

https://steamcommunity.com/sharedfiles/filedetails/?id=680514371

Follow this first to get the basic manual session working.

I decided to take it one step further, and execute the whole thing from Systemd automatically on my server. This did require a bit of tweaking.

NOTE: In my usage, I named the user steam (not steamuser), it's in the group users, and its home directory is /var/home/steam; adjust any paths, etc. below to suit your actual details.