explain installer, update system services
This commit is contained in:
parent
720fc71bea
commit
4bfd3afba8
|
@ -0,0 +1,57 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
|
<plist version="1.0">
|
||||||
|
<dict>
|
||||||
|
<key>Label</key>
|
||||||
|
<string>Telebit Remote</string>
|
||||||
|
<key>ProgramArguments</key>
|
||||||
|
<array>
|
||||||
|
<string>/opt/telebit/bin/node</string>
|
||||||
|
<string>/opt/telebit/bin/telebit.js</string>
|
||||||
|
<string>--config</string>
|
||||||
|
<string>/opt/telebit/etc/telebit.yml</string>
|
||||||
|
</array>
|
||||||
|
<key>EnvironmentVariables</key>
|
||||||
|
<dict>
|
||||||
|
<key>TELEBIT_PATH</key>
|
||||||
|
<string>/opt/telebit</string>
|
||||||
|
<key>NODE_PATH</key>
|
||||||
|
<string>/opt/telebit/lib/node_modules</string>
|
||||||
|
<key>NPM_CONFIG_PREFIX</key>
|
||||||
|
<string>/opt/telebit</string>
|
||||||
|
</dict>
|
||||||
|
|
||||||
|
<key>UserName</key>
|
||||||
|
<string>root</string>
|
||||||
|
<key>GroupName</key>
|
||||||
|
<string>wheel</string>
|
||||||
|
<key>InitGroups</key>
|
||||||
|
<true/>
|
||||||
|
|
||||||
|
<key>RunAtLoad</key>
|
||||||
|
<true/>
|
||||||
|
<key>KeepAlive</key>
|
||||||
|
<dict>
|
||||||
|
<key>Crashed</key>
|
||||||
|
<true/>
|
||||||
|
<key>SuccessfulExit</key>
|
||||||
|
<false/>
|
||||||
|
</dict>
|
||||||
|
|
||||||
|
<key>SoftResourceLimits</key>
|
||||||
|
<dict>
|
||||||
|
<key>NumberOfFiles</key>
|
||||||
|
<integer>8192</integer>
|
||||||
|
</dict>
|
||||||
|
<key>HardResourceLimits</key>
|
||||||
|
<dict/>
|
||||||
|
|
||||||
|
<key>WorkingDirectory</key>
|
||||||
|
<string>/opt/telebit</string>
|
||||||
|
|
||||||
|
<key>StandardErrorPath</key>
|
||||||
|
<string>/opt/telebit/var/log/error.log</string>
|
||||||
|
<key>StandardOutPath</key>
|
||||||
|
<string>/opt/telebit/var/log/info.log</string>
|
||||||
|
</dict>
|
||||||
|
</plist>
|
|
@ -23,16 +23,16 @@ User=telebit
|
||||||
Group=telebit
|
Group=telebit
|
||||||
|
|
||||||
WorkingDirectory=/opt/telebit
|
WorkingDirectory=/opt/telebit
|
||||||
# custom directory cannot be set and will be the place where gitea exists, not the working directory
|
# custom directory cannot be set and will be the place where this exists, not the working directory
|
||||||
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml
|
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /opt/telebit/etc/telebit.yml
|
||||||
ExecReload=/bin/kill -USR1 $MAINPID
|
ExecReload=/bin/kill -USR1 $MAINPID
|
||||||
|
|
||||||
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
|
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
|
||||||
# Unmodified gitea is not expected to use more than this.
|
# Unmodified, this is not expected to use more than this.
|
||||||
LimitNOFILE=1048576
|
LimitNOFILE=1048576
|
||||||
LimitNPROC=64
|
LimitNPROC=64
|
||||||
|
|
||||||
# Use private /tmp and /var/tmp, which are discarded after gitea stops.
|
# Use private /tmp and /var/tmp, which are discarded after this stops.
|
||||||
PrivateTmp=true
|
PrivateTmp=true
|
||||||
# Use a minimal /dev
|
# Use a minimal /dev
|
||||||
PrivateDevices=true
|
PrivateDevices=true
|
||||||
|
@ -40,17 +40,16 @@ PrivateDevices=true
|
||||||
ProtectHome=true
|
ProtectHome=true
|
||||||
# Make /usr, /boot, /etc and possibly some more folders read-only.
|
# Make /usr, /boot, /etc and possibly some more folders read-only.
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
# ... except /opt/gitea because we want a place for the database
|
# ... except /opt/telebit because we want a place for config, logs, etc
|
||||||
# and /var/log/gitea because we want a place where logs can go.
|
|
||||||
# This merely retains r/w access rights, it does not add any new.
|
# This merely retains r/w access rights, it does not add any new.
|
||||||
# Must still be writable on the host!
|
# Must still be writable on the host!
|
||||||
ReadWriteDirectories=/opt/telebit /etc/telebit
|
ReadWriteDirectories=/opt/telebit
|
||||||
|
|
||||||
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
|
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
|
||||||
; ReadWritePaths=/opt/telebit /etc/telebit
|
; ReadWritePaths=/opt/telebit
|
||||||
|
|
||||||
# The following additional security directives only work with systemd v229 or later.
|
# The following additional security directives only work with systemd v229 or later.
|
||||||
# They further retrict privileges that can be gained by gitea.
|
# They further retrict privileges that can be gained.
|
||||||
# Note that you may have to add capabilities required by any plugins in use.
|
# Note that you may have to add capabilities required by any plugins in use.
|
||||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#<pre><code>
|
#<pre><code>
|
||||||
|
|
||||||
|
# This script does exactly 3 things for 1 good reason:
|
||||||
|
#
|
||||||
|
# What this does:
|
||||||
|
#
|
||||||
|
# 1. Detects either curl or wget and wraps them in helpers
|
||||||
|
# 2. Exports the helpers for the real installer
|
||||||
|
# 3. Downloads and runs the real installer
|
||||||
|
#
|
||||||
|
# Why
|
||||||
|
#
|
||||||
|
# 1. 'curl <smth> | bash -- some args here` breaks interactive input
|
||||||
|
# See https://stackoverflow.com/questions/16854041/bash-read-is-being-skipped-when-run-from-curl-pipe
|
||||||
|
#
|
||||||
|
# 2. It also has practical risks of running a partially downloaded script, which could be dangeresque
|
||||||
|
# See https://news.ycombinator.com/item?id=12767636
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,29 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#<pre><code>
|
#<pre><code>
|
||||||
|
|
||||||
# This is a 3 step process
|
# What does this do.. and why?
|
||||||
# 1. First we need to figure out whether to use wget or curl for fetching remote files
|
# (and why is it so complicated?)
|
||||||
# 2. Next we need to figure out whether to use unzip or tar for downloading releases
|
#
|
||||||
# 3. We need to actually install the stuff
|
# What this does
|
||||||
|
#
|
||||||
|
# 1. Sets some vars and asks some questions
|
||||||
|
# 2. Installs everything into a single place
|
||||||
|
# (inculding deps like node.js, with the correct version)
|
||||||
|
# 3. Depending on OS, creates a user for the service
|
||||||
|
# 4. Depending on OS, register with system launcher
|
||||||
|
#
|
||||||
|
# Why
|
||||||
|
#
|
||||||
|
# So that you can get a fully configured, running product,
|
||||||
|
# with zero manual configuration in a matter of seconds -
|
||||||
|
# and have an uninstall that's just as easy.
|
||||||
|
#
|
||||||
|
# Why so complicated?
|
||||||
|
#
|
||||||
|
# To support nuance differences between various versions of
|
||||||
|
# Linux, macOS, and Android, including whether it's being
|
||||||
|
# installed with user privileges, as root, wit a system user
|
||||||
|
# system daemon launcher, etc.
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
set -u
|
set -u
|
||||||
|
@ -20,6 +39,8 @@ my_app="telebit"
|
||||||
my_bin="telebit.js"
|
my_bin="telebit.js"
|
||||||
my_name="Telebit Remote"
|
my_name="Telebit Remote"
|
||||||
my_repo="telebit.js"
|
my_repo="telebit.js"
|
||||||
|
my_root=${my_root:-} # todo better install script
|
||||||
|
sudo_cmd="sudo"
|
||||||
|
|
||||||
if [ -z "${my_email}" ]; then
|
if [ -z "${my_email}" ]; then
|
||||||
echo ""
|
echo ""
|
||||||
|
@ -136,10 +157,28 @@ if type -p setcap >/dev/null 2>&1; then
|
||||||
fi
|
fi
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ -z "$(cat /etc/passwd | grep $my_user)" ]; then
|
set +e
|
||||||
echo "sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user"
|
# TODO for macOS https://apple.stackexchange.com/questions/286749/how-to-add-a-user-from-the-command-line-in-macos
|
||||||
sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
|
if type -p adduser >/dev/null 2>/dev/null; then
|
||||||
|
if [ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]; then
|
||||||
|
$sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
|
||||||
|
fi
|
||||||
|
#my_user=$my_app_name
|
||||||
|
my_group=$my_user
|
||||||
|
elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
|
||||||
|
# Linux (Ubuntu)
|
||||||
|
my_user=www-data
|
||||||
|
my_group=www-data
|
||||||
|
elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
|
||||||
|
# Mac
|
||||||
|
my_user=_www
|
||||||
|
my_group=_www
|
||||||
|
else
|
||||||
|
# Unsure
|
||||||
|
my_user=$(id -u -n) # $(whoami)
|
||||||
|
my_group=$(id -g -n)
|
||||||
fi
|
fi
|
||||||
|
set -e
|
||||||
|
|
||||||
my_config="$TELEBIT_PATH/etc/$my_app.yml"
|
my_config="$TELEBIT_PATH/etc/$my_app.yml"
|
||||||
mkdir -p "$(dirname $my_config)"
|
mkdir -p "$(dirname $my_config)"
|
||||||
|
|
Loading…
Reference in New Issue