Launch tox-bootstrapd inside network namespace.

netns-launch

#!/bin/bash

who am i 1>&2

NSNAME=tox-bootstrapd
## ${VETH_PREFIX}0 is outside, and ${VETH_PREFIX}1 is inside.
VETH_PREFIX=tox

OUT_ADDRS="
A.B.C.125/31
xxxx:xxxx:xxxx:xxxx:dead:beef:bad:face/112"

IN_ADDRS="
A.B.C.124/31
xxxx:xxxx:xxxx:xxxx:dead:beef:bad:cafe/112"

IN_ROUTES="
default via A.B.C.125
default via xxxx:xxxx:xxxx:xxxx:dead:beef:bad:face"

exec_netns() {
        echo $* | ip netns exec "$NSNAME" bash -s 2>/dev/null
}

# Do not recreate the ns.
( ip netns list | grep "$NSNAME" > /dev/null ) && exit

# Create the namespace
ip netns add "$NSNAME"
ip link add ${VETH_PREFIX}0 type veth peer name ${VETH_PREFIX}1
ip link set dev ${VETH_PREFIX}1 netns "$NSNAME"
ip link set dev ${VETH_PREFIX}0 up

exec_netns ip link set lo up
exec_netns ip link set ${VETH_PREFIX}1 up

for addr in $OUT_ADDRS
do
        ip addr add $addr dev ${VETH_PREFIX}0
done

for addr in $IN_ADDRS
do
        exec_netns ip addr add $addr dev ${VETH_PREFIX}1
done

IFS='
'

for route in $IN_ROUTES
do
        exec_netns ip route add $route
done

# Configure NDP relay
service ndppd restart
install -m 0660 -d /var/run/netns-$NSNAME

tox-bootstrapd.service

[Unit]
Description=Tox DHT Bootstrap Daemon
After=network.target

[Service]
Type=forking
RuntimeDirectory=tox-bootstrapd
RuntimeDirectoryMode=750
PIDFile=/var/lib/tox-bootstrapd/tox-bootstrapd.pid
WorkingDirectory=/var/lib/tox-bootstrapd
ExecStartPre=/usr/local/bin/netns-launch
ExecStart=/sbin/ip netns exec tox-bootstrapd sudo -u tox-bootstrapd -g tox-bootstrapd /usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf
#User=tox-bootstrapd
#Group=tox-bootstrapd
#PermissionsStartOnly=true
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target