artakvg · December 29, 2023 13:17
diff --git a/gistfile1.txt b/gistfile1.txt

 #  SPDX-License-Identifier: LGPL-2.1-or-later
 #
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.

 [Unit]
 Description=Network Configuration
 Documentation=man:systemd-networkd.service(8)
 Documentation=man:org.freedesktop.network1(5)
 ConditionCapability=CAP_NET_ADMIN
 DefaultDependencies=no
 # systemd-udevd.service can be dropped once tuntap is moved to netlink
 After=systemd-networkd.socket systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
 Before=network.target multi-user.target shutdown.target initrd-switch-root.target
 Conflicts=shutdown.target initrd-switch-root.target
 Wants=systemd-networkd.socket network.target

 [Service]
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
 BusName=org.freedesktop.network1
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
 DeviceAllow=char-* rw
 ExecStart=!!/lib/systemd/systemd-networkd
 ExecReload=networkctl reload
 FileDescriptorStoreMax=512
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectProc=invisible
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectSystem=strict
 Restart=on-failure
 RestartKillSignal=SIGUSR2
 RestartSec=0
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/netif
 RuntimeDirectoryPreserve=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
 User=systemd-network
 WatchdogSec=3min

 [Install]
 WantedBy=multi-user.target
 Also=systemd-networkd.socket
 Alias=dbus-org.freedesktop.network1.service

 # The output from this generator is used by udevd and networkd. Enable it by
 # default when enabling systemd-networkd.service.
 Also=systemd-network-generator.service

 # We want to enable systemd-networkd-wait-online.service whenever this service
 # is enabled. systemd-networkd-wait-online.service has
 # WantedBy=network-online.target, so enabling it only has an effect if
 # network-online.target itself is enabled or pulled in by some other unit.
 Also=systemd-networkd-wait-online.service

	# SPDX-License-Identifier: LGPL-2.1-or-later
	#
	# This file is part of systemd.
	#
	# systemd is free software; you can redistribute it and/or modify it
	# under the terms of the GNU Lesser General Public License as published by
	# the Free Software Foundation; either version 2.1 of the License, or
	# (at your option) any later version.

	[Unit]
	Description=Network Configuration
	Documentation=man:systemd-networkd.service(8)
	Documentation=man:org.freedesktop.network1(5)
	ConditionCapability=CAP_NET_ADMIN
	DefaultDependencies=no
	# systemd-udevd.service can be dropped once tuntap is moved to netlink
	After=systemd-networkd.socket systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
	Before=network.target multi-user.target shutdown.target initrd-switch-root.target
	Conflicts=shutdown.target initrd-switch-root.target
	Wants=systemd-networkd.socket network.target

	[Service]
	AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
	BusName=org.freedesktop.network1
	CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
	DeviceAllow=char-* rw
	ExecStart=!!/lib/systemd/systemd-networkd
	ExecReload=networkctl reload
	FileDescriptorStoreMax=512
	LockPersonality=yes
	MemoryDenyWriteExecute=yes
	NoNewPrivileges=yes
	ProtectProc=invisible
	ProtectClock=yes
	ProtectControlGroups=yes
	ProtectHome=yes
	ProtectKernelLogs=yes
	ProtectKernelModules=yes
	ProtectSystem=strict
	Restart=on-failure
	RestartKillSignal=SIGUSR2
	RestartSec=0
	RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_PACKET
	RestrictNamespaces=yes
	RestrictRealtime=yes
	RestrictSUIDSGID=yes
	RuntimeDirectory=systemd/netif
	RuntimeDirectoryPreserve=yes
	SystemCallArchitectures=native
	SystemCallErrorNumber=EPERM
	SystemCallFilter=@system-service
	Type=notify
	User=systemd-network
	WatchdogSec=3min

	[Install]
	WantedBy=multi-user.target
	Also=systemd-networkd.socket
	Alias=dbus-org.freedesktop.network1.service

	# The output from this generator is used by udevd and networkd. Enable it by
	# default when enabling systemd-networkd.service.
	Also=systemd-network-generator.service

	# We want to enable systemd-networkd-wait-online.service whenever this service
	# is enabled. systemd-networkd-wait-online.service has
	# WantedBy=network-online.target, so enabling it only has an effect if
	# network-online.target itself is enabled or pulled in by some other unit.
	Also=systemd-networkd-wait-online.service