explain installer, update system services

This commit is contained in:
AJ ONeal 2018-06-02 02:25:41 -06:00
parent 720fc71bea
commit 4bfd3afba8
5 changed files with 127 additions and 16 deletions

View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Telebit Remote</string>
<key>ProgramArguments</key>
<array>
<string>/opt/telebit/bin/node</string>
<string>/opt/telebit/bin/telebit.js</string>
<string>--config</string>
<string>/opt/telebit/etc/telebit.yml</string>
</array>
<key>EnvironmentVariables</key>
<dict>
<key>TELEBIT_PATH</key>
<string>/opt/telebit</string>
<key>NODE_PATH</key>
<string>/opt/telebit/lib/node_modules</string>
<key>NPM_CONFIG_PREFIX</key>
<string>/opt/telebit</string>
</dict>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>InitGroups</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>Crashed</key>
<true/>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>SoftResourceLimits</key>
<dict>
<key>NumberOfFiles</key>
<integer>8192</integer>
</dict>
<key>HardResourceLimits</key>
<dict/>
<key>WorkingDirectory</key>
<string>/opt/telebit</string>
<key>StandardErrorPath</key>
<string>/opt/telebit/var/log/error.log</string>
<key>StandardOutPath</key>
<string>/opt/telebit/var/log/info.log</string>
</dict>
</plist>

View File

@ -23,16 +23,16 @@ User=telebit
Group=telebit
WorkingDirectory=/opt/telebit
# custom directory cannot be set and will be the place where gitea exists, not the working directory
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml
# custom directory cannot be set and will be the place where this exists, not the working directory
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /opt/telebit/etc/telebit.yml
ExecReload=/bin/kill -USR1 $MAINPID
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
# Unmodified gitea is not expected to use more than this.
# Unmodified, this is not expected to use more than this.
LimitNOFILE=1048576
LimitNPROC=64
# Use private /tmp and /var/tmp, which are discarded after gitea stops.
# Use private /tmp and /var/tmp, which are discarded after this stops.
PrivateTmp=true
# Use a minimal /dev
PrivateDevices=true
@ -40,17 +40,16 @@ PrivateDevices=true
ProtectHome=true
# Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
# ... except /opt/gitea because we want a place for the database
# and /var/log/gitea because we want a place where logs can go.
# ... except /opt/telebit because we want a place for config, logs, etc
# This merely retains r/w access rights, it does not add any new.
# Must still be writable on the host!
ReadWriteDirectories=/opt/telebit /etc/telebit
ReadWriteDirectories=/opt/telebit
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
; ReadWritePaths=/opt/telebit /etc/telebit
; ReadWritePaths=/opt/telebit
# The following additional security directives only work with systemd v229 or later.
# They further retrict privileges that can be gained by gitea.
# They further retrict privileges that can be gained.
# Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

View File

@ -1,6 +1,22 @@
#!/bin/bash
#<pre><code>
# This script does exactly 3 things for 1 good reason:
#
# What this does:
#
# 1. Detects either curl or wget and wraps them in helpers
# 2. Exports the helpers for the real installer
# 3. Downloads and runs the real installer
#
# Why
#
# 1. 'curl <smth> | bash -- some args here` breaks interactive input
# See https://stackoverflow.com/questions/16854041/bash-read-is-being-skipped-when-run-from-curl-pipe
#
# 2. It also has practical risks of running a partially downloaded script, which could be dangeresque
# See https://news.ycombinator.com/item?id=12767636
set -e
set -u

View File

@ -1,10 +1,29 @@
#!/bin/bash
#<pre><code>
# This is a 3 step process
# 1. First we need to figure out whether to use wget or curl for fetching remote files
# 2. Next we need to figure out whether to use unzip or tar for downloading releases
# 3. We need to actually install the stuff
# What does this do.. and why?
# (and why is it so complicated?)
#
# What this does
#
# 1. Sets some vars and asks some questions
# 2. Installs everything into a single place
# (inculding deps like node.js, with the correct version)
# 3. Depending on OS, creates a user for the service
# 4. Depending on OS, register with system launcher
#
# Why
#
# So that you can get a fully configured, running product,
# with zero manual configuration in a matter of seconds -
# and have an uninstall that's just as easy.
#
# Why so complicated?
#
# To support nuance differences between various versions of
# Linux, macOS, and Android, including whether it's being
# installed with user privileges, as root, wit a system user
# system daemon launcher, etc.
set -e
set -u
@ -20,6 +39,8 @@ my_app="telebit"
my_bin="telebit.js"
my_name="Telebit Remote"
my_repo="telebit.js"
my_root=${my_root:-} # todo better install script
sudo_cmd="sudo"
if [ -z "${my_email}" ]; then
echo ""
@ -136,10 +157,28 @@ if type -p setcap >/dev/null 2>&1; then
fi
set -e
if [ -z "$(cat /etc/passwd | grep $my_user)" ]; then
echo "sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user"
sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
set +e
# TODO for macOS https://apple.stackexchange.com/questions/286749/how-to-add-a-user-from-the-command-line-in-macos
if type -p adduser >/dev/null 2>/dev/null; then
if [ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]; then
$sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
fi
#my_user=$my_app_name
my_group=$my_user
elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
# Linux (Ubuntu)
my_user=www-data
my_group=www-data
elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
# Mac
my_user=_www
my_group=_www
else
# Unsure
my_user=$(id -u -n) # $(whoami)
my_group=$(id -g -n)
fi
set -e
my_config="$TELEBIT_PATH/etc/$my_app.yml"
mkdir -p "$(dirname $my_config)"

0
var/log/.gitkeep Normal file
View File