config/chroot_local-hooks/52-update-rc.d

   1 #!/bin/sh
   2
   3 set -e
   4 set -u
   5
   6 ### Tweak systemd unit files
   7
   8 # Workaround for https://bugs.debian.org/934389
   9 systemctl enable memlockd.service
  10
  11 # Enable our own systemd unit files
  12 systemctl enable initramfs-shutdown.service
  13 systemctl enable onion-grater.service
  14 systemctl enable tails-allow-external-TailsData-access.service
  15 systemctl enable tails-autotest-broken-gnome-shell.service
  16 systemctl enable tails-autotest-remote-shell.service
  17 systemctl enable tails-create-netns.service
  18 systemctl enable tails-persistent-storage.service
  19 systemctl enable tails-remove-overlayfs-dirs.service
  20 systemctl enable tails-set-wireless-devices-state.service
  21 systemctl enable tails-shutdown-on-media-removal.service
  22 systemctl enable tails-tor-has-bootstrapped.target
  23 systemctl enable tails-wait-until-tor-has-bootstrapped.service
  24 systemctl enable tails-tor-has-bootstrapped-flag-file.service
  25 systemctl enable tca-portal.socket
  26 systemctl enable run-initramfs.mount
  27 systemctl enable var-tmp.mount
  28
  29 # Enable our own systemd user unit files
  30 systemctl --global enable tails-add-GNOME-bookmarks.service
  31 systemctl --global enable tails-additional-software-install.service
  32 systemctl --global enable tails-configure-keyboard.service
  33 systemctl --global enable tails-security-check.service
  34 systemctl --global enable tails-upgrade-frontend.service
  35 systemctl --global enable tails-virt-notify-user.service
  36 systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
  37 systemctl --global enable tails-create-persistent-storage.service
  38
  39 # OnionCircuits has no text input area so it does not need an IBus proxy
  40 systemctl --global enable "tails-a11y-proxy-netns@onioncircs.service"
  41
  42 for netns in tbb clearnet; do
  43     systemctl --global enable "tails-a11y-proxy-netns@${netns}.service"
  44     systemctl --global enable "tails-ibus-proxy-netns@${netns}.service"
  45 done
  46
  47 # Use socket activation only, to delay the startup of cupsd.
  48 systemctl disable cups.service
  49 systemctl enable  cups.socket
  50
  51 # We're starting NetworkManager and Tor ourselves.
  52 systemctl disable NetworkManager.service
  53 systemctl disable NetworkManager-wait-online.service
  54
  55 # systemd-networkd fallbacks to Google's nameservers when no other nameserver
  56 # is provided by the network configuration. As of Debian Buster,
  57 # this service is disabled
  58 # by default, but it feels safer to make this explicit. Besides, it might be
  59 # that systemd-networkd vs. firewall setup ordering is suboptimal in this respect,
  60 # so let's avoid any risk of DNS leaks here.
  61 systemctl mask systemd-networkd.service
  62
  63 # Do not sync the system clock to the hardware clock on shutdown
  64 systemctl mask hwclock-save.service
  65
  66 # Do not run timesyncd: we have our own time synchronization mechanism
  67 systemctl mask systemd-timesyncd.service
  68
  69 # Do not let pppd-dns manage /etc/resolv.conf
  70 systemctl mask pppd-dns.service
  71
  72 # Conflicts with our custom shutdown procedure
  73 systemctl mask live-tools.service
  74
  75 # "Daily man-db regeneration" is not needed in Tails (#16631)
  76 systemctl mask man-db.timer
  77
  78 # Blocked by our firewall so cannot work; would need some security analysis
  79 # before we enable it
  80 systemctl mask avahi-daemon.socket
  81 systemctl mask avahi-daemon.service