52-update-rc.d 3.08 KB
Newer Older
1 2
#!/bin/sh

3
set -e
4
set -u
5

6 7
### Tweak systemd unit files

intrigeri's avatar
intrigeri committed
8
# Workaround for https://bugs.debian.org/934389
9
systemctl enable memlockd.service
10 11

# Enable our own systemd unit files
12
systemctl enable initramfs-shutdown.service
13
systemctl enable onion-grater.service
14
systemctl enable tails-synchronize-data-to-new-persistent-volume-on-shutdown.service
15
systemctl enable tails-autotest-broken-Xorg.service
16
systemctl enable tails-autotest-remote-shell.service
17
systemctl enable tails-remove-overlayfs-dirs.service
18
systemctl enable tails-set-wireless-devices-state.service
19
systemctl enable tails-shutdown-on-media-removal.service
20
systemctl enable tails-tor-has-bootstrapped.target
21
systemctl enable tails-wait-until-tor-has-bootstrapped.service
22
systemctl enable tails-tor-has-bootstrapped-flag-file.service
23
systemctl enable run-initramfs.mount
24
systemctl enable var-tmp.mount
25

26 27
# Enable our own systemd user unit files
systemctl --global enable tails-add-GNOME-bookmarks.service
28
systemctl --global enable tails-additional-software-install.service
29 30
systemctl --global enable tails-configure-keyboard.service
systemctl --global enable tails-create-tor-browser-directories.service
31
systemctl --global enable tails-kill-gdm-session.service
32 33 34
systemctl --global enable tails-security-check.service
systemctl --global enable tails-upgrade-frontend.service
systemctl --global enable tails-virt-notify-user.service
35
systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
36

37
# Use socket activation only, to delay the startup of cupsd.
intrigeri's avatar
intrigeri committed
38
# In practice, this means that cupsd is started during
39 40
# the initialization of the GNOME session, which is fine: by then,
# the persistent /etc/cups has been mounted.
41 42
systemctl disable cups.service
systemctl enable  cups.socket
43

intrigeri's avatar
intrigeri committed
44
# We're starting NetworkManager and Tor ourselves.
45 46 47 48
# We disable tor.service (as opposed to tor@default.service) because
# it's an important goal to never start Tor before the user has had
# a chance to choose to do so in an obfuscated way: if some other
# package enables tor@whatever.service someday, disabling tor.service
intrigeri's avatar
intrigeri committed
49
# will disable it as well, while disabling tor@default.service would not.
50
systemctl disable tor.service
51 52
systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service
53

54
# systemd-networkd fallbacks to Google's nameservers when no other nameserver
intrigeri's avatar
intrigeri committed
55 56
# is provided by the network configuration. As of Debian Buster,
# this service is disabled
57 58 59 60
# by default, but it feels safer to make this explicit. Besides, it might be
# that systemd-networkd vs. firewall setup ordering is suboptimal in this respect,
# so let's avoid any risk of DNS leaks here.
systemctl mask systemd-networkd.service
61 62

# Do not sync the system clock to the hardware clock on shutdown
63
systemctl mask hwclock-save.service
64 65 66

# Do not run timesyncd: we have our own time synchronization mechanism
systemctl mask systemd-timesyncd.service
67

68 69
# Do not let pppd-dns manage /etc/resolv.conf
systemctl mask pppd-dns.service
70 71 72

# Conflicts with our custom shutdown procedure
systemctl mask live-tools.service
73 74 75

# "Daily man-db regeneration" is not needed in Tails (#16631)
systemctl mask man-db.timer