use sudo_cmd as needed

README.md

@@ -20,17 +20,43 @@ The node.js netserver that's just right.
 Install Standalone
 -------
 
+### curl | bash
+
 ```bash
-# v1 in npm
-npm install -g goldilocks
+curl -fsSL https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash
+```
+
+### git
+
+```bash
+git clone https://git.daplie.com/Daplie/goldilocks.js
+pushd goldilocks.js
+git checkout v1.1
+bash installer/install.sh
+```
+
+### npm
+
+```bash
+# v1 in git (unauthenticated)
+npm install -g git+https://git@git.daplie.com:Daplie/goldilocks.js#v1
 
 # v1 in git (via ssh)
 npm install -g git+ssh://git@git.daplie.com:Daplie/goldilocks.js#v1
 
-# v1 in git (unauthenticated)
-npm install -g git+https://git@git.daplie.com:Daplie/goldilocks.js#v1
+# v1 in npm
+npm install -g goldilocks@v1
 ```
 
+### Uninstall
+
+```
+rm -rf /srv/goldilocks/ /var/goldilocks/ /etc/goldilocks/ /opt/goldilocks/ /var/log/goldilocks/ /etc/tmpfiles.d/goldilocks.conf /etc/systemd/system/goldilocks.service /etc/ssl/goldilocks
+```
+
+Usage
+-----
+
 ```bash
 goldilocks
 ```

dist/etc/systemd/system/goldilocks.service

@@ -26,7 +26,7 @@ Group=MY_GROUP
 Environment=GOLDILOCKS_PATH=/srv/www NODE_PATH=/opt/goldilocks/lib/node_modules NPM_CONFIG_PREFIX=/opt/goldilocks
 
 # Set a sane working directory, sane flags, and specify how to reload the config file
-WorkingDirectory=/srv/www
+WorkingDirectory=/opt/goldilocks
 ExecStart=/opt/goldilocks/bin/node /opt/goldilocks/bin/goldilocks --config /etc/goldilocks/goldilocks.yml
 ExecReload=/bin/kill -USR1 $MAINPID
 
@@ -46,7 +46,7 @@ ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 #   and /var/log/goldilocks, because we want a place where logs can go.
 #   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
-ReadWriteDirectories=/etc/goldilocks /etc/ssl /srv/www /var/log/goldilocks
+ReadWriteDirectories=/etc/goldilocks /etc/ssl /srv/www /var/log/goldilocks /opt/goldilocks
 # you may also want to add other directories such as /opt/goldilocks /etc/acme /etc/letsencrypt
 
 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories

dist/etc/tmpfiles.d/goldilocks.conf

@@ -2,9 +2,4 @@
 # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
 
 # Type Path           Mode UID      GID      Age Argument
-d /etc/goldilocks          0755 www-data www-data -   -
-d /opt/goldilocks          0775 www-data www-data -   -
-d /srv/www                 0775 www-data www-data -   -
-d /etc/ssl/goldilocks      0750 www-data www-data -   -
-d /var/log/goldilocks      0750 www-data www-data -   -
-#d /run/goldilocks          0755 www-data www-data -   -
+d /run/goldilocks     0755 MY_USER  MY_GROUP -   -

install.sh

@@ -1,146 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-my_tmp=$(mktemp -d)
-my_app_name=goldilocks
-my_app_pkg_name=com.daplie.goldilocks.web
-
-### IMPORTANT ###
-###  VERSION  ###
-#my_app_ver="v1.1"
-my_app_ver="installer-v2"
-my_azp_oauth3_ver="v1.2"
-export NODE_VERSION="v8.9.0"
-#################
-export NODE_PATH=$my_tmp/opt/$my_app_name/lib/node_modules
-export PATH=$PATH:$my_tmp/opt/$my_app_name/bin/
-export NPM_CONFIG_PREFIX=$my_tmp/opt/$my_app_name
-my_npm="$NPM_CONFIG_PREFIX/bin/npm"
-#################
-
-
-
-my_app_dir=$my_tmp
-my_app_dist=$my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name/dist
-git_base="https://git.daplie.com/Daplie/goldilocks.js.git"
-installer_base="https://git.daplie.com/Daplie/goldilocks.js/raw/$my_app_ver"
-
-
-
-#
-# Install to tmp location, then move to /opt
-#
-echo "Installing to $my_tmp (will be moved after install)"
-mkdir -p $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name
-git clone $git_base $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name
-pushd $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name
-  git checkout $my_app_ver
-
-  mkdir -p "$my_tmp/opt/$my_app_name"/{lib,bin,etc}
-  ln -s ../lib/node_modules/$my_app_name/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name
-  ln -s ../lib/node_modules/$my_app_name/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name.js
-  mkdir -p "$my_tmp/etc/$my_app_name"
-  chmod 775 "$my_tmp/etc/$my_app_name"
-  cat "$my_app_dist/etc/$my_app_name/$my_app_name.example.yml" > "$my_tmp/etc/$my_app_name/$my_app_name.example.yml"
-  chmod 664 "$my_tmp/etc/$my_app_name/$my_app_name.example.yml"
-  mkdir -p $my_tmp/srv/www
-  mkdir -p $my_tmp/var/www
-  mkdir -p $my_tmp/var/log/$my_app_name
-
-
-
-  #
-  # Helpers
-  #
-  source ./installer/sudo-cmd.sh
-  source ./installer/http-get.sh
-
-
-
-  #
-  # Dependencies
-  #
-  echo $NODE_VERSION > /tmp/NODEJS_VER
-  http_bash "https://git.coolaj86.com/coolaj86/node-installer.sh/raw/v1.1/install.sh"
-  $my_npm install -g npm@4
-  pushd $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name
-    $my_npm install
-  popd
-  pushd $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name/packages/assets
-    OAUTH3_GIT_URL="https://git.daplie.com/Oauth3/oauth3.js.git"
-    git clone ${OAUTH3_GIT_URL} oauth3.org || true
-    ln -s oauth3.org org.oauth3
-    pushd oauth3.org
-      git remote set-url origin ${OAUTH3_GIT_URL}
-      git checkout $my_azp_oauth3_ver
-      git pull
-    popd
-
-    mkdir -p jquery.com
-    ln -s jquery.com com.jquery
-    pushd jquery.com
-      http_get 'https://code.jquery.com/jquery-3.1.1.js' jquery-3.1.1.js
-    popd
-
-    mkdir -p google.com
-    ln -s google.com com.google
-    pushd google.com
-      http_get 'https://ajax.googleapis.com/ajax/libs/angularjs/1.6.2/angular.min.js' angular.1.6.2.min.js
-    popd
-
-    mkdir -p well-known
-    ln -s well-known .well-known
-    pushd well-known
-      ln -snf ../oauth3.org/well-known/oauth3 ./oauth3
-    popd
-    echo "installed dependencies"
-  popd
-
-
-
-  #
-  # System Service
-  #
-  source ./installer/my-root.sh
-  echo "Pre-installation to $my_tmp complete, now installing to $my_root/ ..."
-  set +e
-  if type -p tree >/dev/null 2>/dev/null; then
-    #tree -I "node_modules|include|share" $my_tmp
-    tree -L 6 -I "include|share|npm" $my_tmp
-  else
-    ls $my_tmp
-  fi
-  set -e
-
-  source ./installer/my-user-my-group.sh
-  echo "User $my_user Group $my_group"
-
-  $sudo_cmd chown -R $my_user:$my_group $my_tmp
-  rsync -a $my_tmp/ $my_root/
-  rsync -a --ignore-existing $my_app_dist/etc/$my_app_name/$my_app_name.yml $my_root/etc/$my_app_name/$my_app_name.yml
-  source ./installer/install-system-service.sh
-
-  # Change to admin perms
-  $sudo_cmd chown -R $my_user:$my_group $my_root/opt/$my_app_name
-  $sudo_cmd chown -R $my_user:$my_group $my_root/var/www $my_root/srv/www
-
-  # make sure the files are all read/write for the owner and group, and then set
-  # the setuid and setgid bits so that any files/directories created inside these
-  # directories have the same owner and group.
-  $sudo_cmd chmod -R ug+rwX /opt/$my_app_name
-  find /opt/$my_app_name -type d -exec $sudo_cmd chmod ug+s {} \;
-popd
-
-
-rm -rf $my_tmp
-
-echo ""
-echo "$my_app_name installation complete!"
-echo ""
-echo "Restart: systemctl restart $my_app_name"
-echo "Logs: journalctl -xefu $my_app_name"
-echo "Config: /etc/$my_app_name/$my_app_name.yml"
-echo ""
-echo "Unistall: rm -rf /srv/$my_app_name/ /var/$my_app_name/ /etc/$my_app_name/ /opt/$my_app_name/ /var/log/$my_app_name/ /etc/systemd/system/$my_app_name.service"

installer/get.sh

@@ -0,0 +1,20 @@
+set -e
+set -u
+
+my_name=goldilocks
+# TODO provide an option to supply my_ver and my_tmp
+my_ver=master
+my_tmp=$(mktemp -d)
+
+mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
+git clone https://git.daplie.com/Daplie/goldilocks.js.git $my_tmp/opt/$my_name/lib/node_modules/$my_name
+
+echo "Installing to $my_tmp (will be moved after install)"
+pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  git checkout $my_ver
+  source ./installer/install.sh
+popd
+
+echo "Installation successful, now cleaning up $my_tmp ..."
+rm -rf $my_tmp
+echo "Done"

installer/install-for-systemd.sh

@@ -11,13 +11,25 @@ sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dis
 sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
 rm "$my_app_dist/$my_app_systemd_service.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
+
+sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_app_dist/$my_app_systemd_tmpfiles.2"
+sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles.2" > "$my_app_dist/$my_app_systemd_tmpfiles"
+rm "$my_app_dist/$my_app_systemd_tmpfiles.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
 
-$sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null
+$sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
 $sudo_cmd systemctl daemon-reload
 $sudo_cmd systemctl start "${my_app_name}.service"
 $sudo_cmd systemctl enable "${my_app_name}.service"
 
+echo ""
+echo ""
+echo "Fun systemd commands to remember:"
+echo "  $sudo_cmd systemctl daemon-reload"
+echo "  $sudo_cmd systemctl restart $my_app_name.service"
+echo ""
 echo "$my_app_name started with systemctl, check its status like so:"
 echo "  $sudo_cmd systemctl status $my_app_name"
-echo "  $sudo_cmd journalctl -xe -u $my_app_name"
+echo "  $sudo_cmd journalctl -xefu $my_app_name"
+echo ""
+echo ""

installer/install.sh

@@ -0,0 +1,149 @@
+#!/bin/bash
+
+set -e
+set -u
+
+
+### IMPORTANT ###
+###  VERSION  ###
+my_name=goldilocks
+my_app_pkg_name=com.daplie.goldilocks.web
+my_app_ver="v1.1"
+my_azp_oauth3_ver="v1.2"
+export NODE_VERSION="v8.9.0"
+
+if [ -z "${my_tmp-}" ]; then
+  my_tmp="$(mktemp -d)"
+  mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  echo "Installing to $my_tmp (will be moved after install)"
+  git clone ./ $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
+fi
+
+#################
+export NODE_PATH=$my_tmp/opt/$my_name/lib/node_modules
+export PATH=$my_tmp/opt/$my_name/bin/:$PATH
+export NPM_CONFIG_PREFIX=$my_tmp/opt/$my_name
+my_npm="$NPM_CONFIG_PREFIX/bin/npm"
+#################
+
+
+my_app_dist=$my_tmp/opt/$my_name/lib/node_modules/$my_name/dist
+installer_base="https://git.daplie.com/Daplie/goldilocks.js/raw/$my_app_ver"
+
+# Backwards compat
+# some scripts still use the old names
+my_app_dir=$my_tmp
+my_app_name=$my_name
+
+
+
+git checkout $my_app_ver
+
+mkdir -p "$my_tmp/opt/$my_name"/{lib,bin,etc}
+ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name
+ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name.js
+mkdir -p "$my_tmp/etc/$my_name"
+chmod 775 "$my_tmp/etc/$my_name"
+cat "$my_app_dist/etc/$my_name/$my_name.example.yml" > "$my_tmp/etc/$my_name/$my_name.example.yml"
+chmod 664 "$my_tmp/etc/$my_name/$my_name.example.yml"
+mkdir -p $my_tmp/srv/www
+mkdir -p $my_tmp/var/www
+mkdir -p $my_tmp/var/log/$my_name
+
+
+
+#
+# Helpers
+#
+source ./installer/sudo-cmd.sh
+source ./installer/http-get.sh
+
+
+
+#
+# Dependencies
+#
+echo $NODE_VERSION > /tmp/NODEJS_VER
+http_bash "https://git.coolaj86.com/coolaj86/node-installer.sh/raw/v1.1/install.sh"
+$my_npm install -g npm@4
+pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  $my_npm install
+popd
+pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name/packages/assets
+  OAUTH3_GIT_URL="https://git.daplie.com/Oauth3/oauth3.js.git"
+  git clone ${OAUTH3_GIT_URL} oauth3.org || true
+  ln -s oauth3.org org.oauth3
+  pushd oauth3.org
+    git remote set-url origin ${OAUTH3_GIT_URL}
+    git checkout $my_azp_oauth3_ver
+    git pull
+  popd
+
+  mkdir -p jquery.com
+  ln -s jquery.com com.jquery
+  pushd jquery.com
+    http_get 'https://code.jquery.com/jquery-3.1.1.js' jquery-3.1.1.js
+  popd
+
+  mkdir -p google.com
+  ln -s google.com com.google
+  pushd google.com
+    http_get 'https://ajax.googleapis.com/ajax/libs/angularjs/1.6.2/angular.min.js' angular.1.6.2.min.js
+  popd
+
+  mkdir -p well-known
+  ln -s well-known .well-known
+  pushd well-known
+    ln -snf ../oauth3.org/well-known/oauth3 ./oauth3
+  popd
+  echo "installed dependencies"
+popd
+
+
+
+#
+# System Service
+#
+source ./installer/my-root.sh
+echo "Pre-installation to $my_tmp complete, now installing to $my_root/ ..."
+set +e
+if type -p tree >/dev/null 2>/dev/null; then
+  #tree -I "node_modules|include|share" $my_tmp
+  tree -L 6 -I "include|share|npm" $my_tmp
+else
+  ls $my_tmp
+fi
+set -e
+
+source ./installer/my-user-my-group.sh
+echo "User $my_user Group $my_group"
+
+$sudo_cmd chown -R $my_user:$my_group $my_tmp/*
+$sudo_cmd chown root:root $my_tmp/*
+$sudo_cmd chown root:root $my_tmp
+$sudo_cmd chmod 0755 $my_tmp
+# don't change permissions on /, /etc, etc
+$sudo_cmd rsync -a --ignore-existing $my_tmp/ $my_root/
+$sudo_cmd rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml
+source ./installer/install-system-service.sh
+
+# Change to admin perms
+$sudo_cmd chown -R $my_user:$my_group $my_root/opt/$my_name
+$sudo_cmd chown -R $my_user:$my_group $my_root/var/www $my_root/srv/www
+
+# make sure the files are all read/write for the owner and group, and then set
+# the setuid and setgid bits so that any files/directories created inside these
+# directories have the same owner and group.
+$sudo_cmd chmod -R ug+rwX $my_root/opt/$my_name
+find $my_root/opt/$my_name -type d -exec $sudo_cmd chmod ug+s {} \;
+
+
+
+echo ""
+echo "$my_name installation complete!"
+echo ""
+echo ""
+echo "Update the config at: /etc/$my_name/$my_name.yml"
+echo ""
+echo "Unistall: rm -rf /srv/$my_name/ /var/$my_name/ /etc/$my_name/ /opt/$my_name/ /var/log/$my_name/ /etc/tmpfiles.d/$my_name.conf /etc/systemd/system/$my_name.service /etc/ssl/$my_name"