From e8b29bb8e806acee9a1e9d18d1bb00d14cff6726 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Fri, 19 Jun 2026 19:22:21 -0400
Subject: [PATCH] added systemd unit for setting iptables rules using added script, added DSNet systemd unit
---
 .../init-server/files/systemd/system/dsnet.service | 14 ++++++++++++++
 .../files/systemd/system/thrunet.service | 14 ++++++++++++++
 .../files/usr/local/bin/dsnet-forward.sh | 10 ++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 roles/init-server/files/systemd/system/dsnet.service
 create mode 100644 roles/init-server/files/systemd/system/thrunet.service
 create mode 100755 roles/init-server/files/usr/local/bin/dsnet-forward.sh
diff --git a/roles/init-server/files/systemd/system/dsnet.service b/roles/init-server/files/systemd/system/dsnet.service
new file mode 100644
index 0000000..2538293
--- /dev/null
+++ b/roles/init-server/files/systemd/system/dsnet.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=dsnet
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/dsnet up
+ExecStop=/usr/bin/dsnet down
+RemainAfterExit=yes
+ExecReload=/usr/bin/dsnet sync
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/roles/init-server/files/systemd/system/thrunet.service b/roles/init-server/files/systemd/system/thrunet.service
new file mode 100644
index 0000000..71d7dc2
--- /dev/null
+++ b/roles/init-server/files/systemd/system/thrunet.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=thrunet
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/dsnet-forward.sh start
+ExecStop=/usr/local/bin/dsnet-forward.sh stop
+RemainAfterExit=yes
+# ExecReload=/usr/bin/dsnet sync
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/roles/init-server/files/usr/local/bin/dsnet-forward.sh b/roles/init-server/files/usr/local/bin/dsnet-forward.sh
new file mode 100755
index 0000000..a617366
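Review bot: thrunet.service has no relationship to dsnet.service, so the forwarding and MASQUERADE rules it installs stay in place across `systemctl stop dsnet` or a restart of the tunnel; if the rules are meant to exist only while the tunnel is up, add `After=dsnet.service` and `PartOf=dsnet.service` to its `[Unit]` section. The commented `# ExecReload=/usr/bin/dsnet sync` is left over from dsnet.service and does not apply to this unit, so it should be removed. `Description=thrunet` would be more useful in `systemctl status` output as something like `Description=iptables forwarding and NAT rules for the dsnet interface`.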
--- /dev/null
+++ b/roles/init-server/files/usr/local/bin/dsnet-forward.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+
+if [[ "$1" == "start" ]]; then
+ /usr/sbin/iptables -A FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
+ /usr/sbin/iptables -t nat -A POSTROUTING -o dsnet -j MASQUERADE
+elif [[ "$1" == "stop" ]]; then
+ /usr/sbin/iptables -D FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
+ /usr/sbin/iptables -t nat -D POSTROUTING -o dsnet -j MASQUERADE
+fi
\ No newline at end of file
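Review bot: The `--sport {80,443,465,587,995,110,143,993}` argument in both branches of dsnet-forward.sh is an unquoted brace list, so bash expands it into eight separate words and iptables is handed `--sport 80 443 465 …`, which it rejects; under `set -e` the start branch then exits before the MASQUERADE rule is added and thrunet.service fails. A port list needs the multiport match, as in the rewrite below. If the FORWARD rule is meant to admit only replies to connections forwarded out through dsnet, matching on source port alone also accepts unsolicited packets from any sender that chooses one of these source ports, so the rewrite adds a conntrack state match; drop it if new flows arriving on dsnet are intended. The rewrite also checks for an existing rule before appending, lets stop attempt both deletes, and rejects a missing or unknown argument, where today a missing `"$1"` trips `set -u` and any other word exits 0 having done nothing.

```shell
# … unchanged: shebang and set -euo pipefail …

readonly IPT=/usr/sbin/iptables
# A port list needs the multiport match; plain --sport takes one port or range.
# The conntrack match limits the rule to reply traffic; remove it if new
# flows arriving on dsnet are meant to be forwarded.
fwd_rule=(FORWARD -i dsnet -p tcp
  -m multiport --sports 80,443,465,587,995,110,143,993
  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT)
nat_rule=(POSTROUTING -o dsnet -j MASQUERADE)

case "${1:-}" in
  start)
    # -C checks for an existing rule, so a repeated start adds no duplicates.
    "$IPT" -C "${fwd_rule[@]}" 2>/dev/null || "$IPT" -A "${fwd_rule[@]}"
    "$IPT" -t nat -C "${nat_rule[@]}" 2>/dev/null || "$IPT" -t nat -A "${nat_rule[@]}"
    ;;
  stop)
    # Attempt both deletes even when the first rule is already gone.
    "$IPT" -D "${fwd_rule[@]}" || true
    "$IPT" -t nat -D "${nat_rule[@]}" || true
    ;;
  *)
    printf 'usage: %s start|stop\n' "${0##*/}" >&2
    exit 2
    ;;
esac
```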