From b59756351ede9a42f43175fc7e48dc5f323f5ee0 Mon Sep 17 00:00:00 2001
From: Wojciech Kosior <kwojtus@protonmail.com>
Date: Fri, 22 May 2020 03:44:59 +0200
Subject: [PATCH] add script that prepares system for use of our wrapper script

---
 install.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100755 install.sh

diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..3b3d4e2
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# run this script as root
+
+# more could go here (e.g. initialization of postgres database)
+
+mkdir -p /var/lib/0tdns/
+
+mkdir -p /etc/netns/0tdns/
+
+# in case we want some process in the namespace to be able
+# to resolve domain names via libc we put some random public
+# dns in namespace sepcific's resolv.conf;
+# note, that while libunbound we're using will probably have
+# dns addresses provided by us, it is still possible to pass
+# a domain name as forwarder address to unbound, in which case
+# it will try to resolve it first using libc
+echo nameserver 23.253.163.53 > /etc/netns/0tdns/resolv.conf
+
+# part of the program running inside network namespace
+# will run under this user
+sudo useradd --system 0tdns
-- 
2.11.4.GIT