mistborn/scripts/services/Mistborn-base.service

[Unit]
Description=Mistborn Base
Requires=docker.service
Requires=netfilter-persistent.service
After=docker.service
After=netfilter-persistent.service

[Service]
EnvironmentFile=/opt/mistborn/.envs/.production/.global
EnvironmentFile=/opt/mistborn/.env
Restart=always
User=mistborn
Group=docker
PermissionsStartOnly=true
# Shutdown container (if running) when unit is stopped
ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down

ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev $DIFACE
ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP
#ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/iptables -w -A OUTPUT -o $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/ip6tables -w -A OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
ExecStartPre=/sbin/resolvconf -u
# Start container when unit is started
ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up
# Stop container when unit is stopped
ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
# Post stop
ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP
#ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
ExecStopPost=-/sbin/iptables -D OUTPUT -o $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
ExecStopPost=-/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP

[Install]
WantedBy=multi-user.target
Docker 6 years ago			`[Unit]`
			`Description=Mistborn Base`
			`Requires=docker.service`
systemd require netfilter-persistent 5 years ago			`Requires=netfilter-persistent.service`
Docker 6 years ago			`After=docker.service`
systemd require netfilter-persistent 5 years ago			`After=netfilter-persistent.service`
Docker 6 years ago
			`[Service]`
systemd 5 years ago			`EnvironmentFile=/opt/mistborn/.envs/.production/.global`
			`EnvironmentFile=/opt/mistborn/.env`
Docker 6 years ago			`Restart=always`
systemd 5 years ago			`User=mistborn`
Docker 6 years ago			`Group=docker`
			`PermissionsStartOnly=true`
			`# Shutdown container (if running) when unit is stopped`
			`ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down`
Volumes 6 years ago
Docker 6 years ago			`ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build`
systemd 5 years ago			`ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev $DIFACE`
			`ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP`
			`ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP`
			`ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP`
			`ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP`
			`#ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i $DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP`
			`ExecStartPre=/sbin/iptables -w -A OUTPUT -o $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP`
cockpit env 6 years ago			`ExecStartPre=/sbin/ip6tables -w -A OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP`
Docker 6 years ago			`ExecStartPre=/sbin/resolvconf -u`
			`# Start container when unit is started`
			`ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up`
			`# Stop container when unit is stopped`
			`ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down`
			`# Post stop`
systemd 5 years ago			`ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP`
			`ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP`
			`ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP`
			`ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP`
			`#ExecStopPost=-/sbin/iptables -D DOCKER-USER -i $DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP`
			`ExecStopPost=-/sbin/iptables -D OUTPUT -o $DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP`
Resolve "LAN server: modify DNS setup so .mistborn domains route through Wireguard on LANs" 6 years ago			`ExecStopPost=-/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP`
Docker 6 years ago
			`[Install]`
			`WantedBy=multi-user.target`