explain installer, update system services
parent
986dc1c17f
commit
b453281a6b
|
@ -0,0 +1,57 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>Label</key>
|
||||
<string>Telebit Remote</string>
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>/opt/telebit/bin/node</string>
|
||||
<string>/opt/telebit/bin/telebit.js</string>
|
||||
<string>--config</string>
|
||||
<string>/opt/telebit/etc/telebit.yml</string>
|
||||
</array>
|
||||
<key>EnvironmentVariables</key>
|
||||
<dict>
|
||||
<key>TELEBIT_PATH</key>
|
||||
<string>/opt/telebit</string>
|
||||
<key>NODE_PATH</key>
|
||||
<string>/opt/telebit/lib/node_modules</string>
|
||||
<key>NPM_CONFIG_PREFIX</key>
|
||||
<string>/opt/telebit</string>
|
||||
</dict>
|
||||
|
||||
<key>UserName</key>
|
||||
<string>root</string>
|
||||
<key>GroupName</key>
|
||||
<string>wheel</string>
|
||||
<key>InitGroups</key>
|
||||
<true/>
|
||||
|
||||
<key>RunAtLoad</key>
|
||||
<true/>
|
||||
<key>KeepAlive</key>
|
||||
<dict>
|
||||
<key>Crashed</key>
|
||||
<true/>
|
||||
<key>SuccessfulExit</key>
|
||||
<false/>
|
||||
</dict>
|
||||
|
||||
<key>SoftResourceLimits</key>
|
||||
<dict>
|
||||
<key>NumberOfFiles</key>
|
||||
<integer>8192</integer>
|
||||
</dict>
|
||||
<key>HardResourceLimits</key>
|
||||
<dict/>
|
||||
|
||||
<key>WorkingDirectory</key>
|
||||
<string>/opt/telebit</string>
|
||||
|
||||
<key>StandardErrorPath</key>
|
||||
<string>/opt/telebit/var/log/error.log</string>
|
||||
<key>StandardOutPath</key>
|
||||
<string>/opt/telebit/var/log/info.log</string>
|
||||
</dict>
|
||||
</plist>
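Review bot: `UserName` is `root` (group `wheel`) in this plist, so on macOS the whole Node process runs with full privileges, while the systemd unit in this same commit runs it as `telebit` with only `CAP_NET_BIND_SERVICE`. The binaries in `ProgramArguments`, the `NODE_PATH` modules and the config all live under `/opt/telebit`, so if the installer leaves any of that tree writable by a non-root account (not visible on this page), that account controls what launchd starts as root. Consider a dedicated service account in `UserName`/`GroupName` once the macOS user-creation TODO in the installer is resolved. Until then, document the constraint above `UserName`, e.g. `<!-- runs as root until a macOS service user exists; /opt/telebit must be root-owned and not group/world-writable -->`.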
|
|
@ -23,16 +23,16 @@ User=telebit
|
|||
Group=telebit
|
||||
|
||||
WorkingDirectory=/opt/telebit
|
||||
# custom directory cannot be set and will be the place where gitea exists, not the working directory
|
||||
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml
|
||||
# custom directory cannot be set and will be the place where this exists, not the working directory
|
||||
ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /opt/telebit/etc/telebit.yml
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
|
||||
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
|
||||
# Unmodified gitea is not expected to use more than this.
|
||||
# Unmodified, this is not expected to use more than this.
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=64
|
||||
|
||||
# Use private /tmp and /var/tmp, which are discarded after gitea stops.
|
||||
# Use private /tmp and /var/tmp, which are discarded after this stops.
|
||||
PrivateTmp=true
|
||||
# Use a minimal /dev
|
||||
PrivateDevices=true
|
||||
|
@ -40,17 +40,16 @@ PrivateDevices=true
|
|||
ProtectHome=true
|
||||
# Make /usr, /boot, /etc and possibly some more folders read-only.
|
||||
ProtectSystem=full
|
||||
# ... except /opt/gitea because we want a place for the database
|
||||
# and /var/log/gitea because we want a place where logs can go.
|
||||
# ... except /opt/telebit because we want a place for config, logs, etc
|
||||
# This merely retains r/w access rights, it does not add any new.
|
||||
# Must still be writable on the host!
|
||||
ReadWriteDirectories=/opt/telebit /etc/telebit
|
||||
ReadWriteDirectories=/opt/telebit
|
||||
|
||||
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
|
||||
; ReadWritePaths=/opt/telebit /etc/telebit
|
||||
; ReadWritePaths=/opt/telebit
|
||||
|
||||
# The following additional security directives only work with systemd v229 or later.
|
||||
# They further retrict privileges that can be gained by gitea.
|
||||
# They further retrict privileges that can be gained.
|
||||
# Note that you may have to add capabilities required by any plugins in use.
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
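Review bot: `ReadWriteDirectories=/opt/telebit` keeps the entire install tree writable for the service, and that tree holds the `bin/node` and `bin/telebit.js` named in `ExecStart`, so a compromised service process could rewrite the code it is next started from. With the config now under `/opt/telebit/etc`, the writable set could be narrowed to the data paths, e.g. `ReadWriteDirectories=/opt/telebit/etc /opt/telebit/var`, assuming the service writes nowhere else under `/opt/telebit` (not visible in these hunks). The context comment about v231 also reads backwards: systemd 231 renamed `ReadWriteDirectories=` to `ReadWritePaths=`, so it should say `# Note: in v231 and above ReadWriteDirectories has been renamed to ReadWritePaths`. Both hunks begin and end inside the unit file, so directives outside them may already cover part of this.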
|
||||
|
|
|
@ -1,6 +1,22 @@
|
|||
#!/bin/bash
|
||||
#<pre><code>
|
||||
|
||||
# This script does exactly 3 things for 1 good reason:
|
||||
#
|
||||
# What this does:
|
||||
#
|
||||
# 1. Detects either curl or wget and wraps them in helpers
|
||||
# 2. Exports the helpers for the real installer
|
||||
# 3. Downloads and runs the real installer
|
||||
#
|
||||
# Why
|
||||
#
|
||||
# 1. 'curl <smth> | bash -- some args here` breaks interactive input
|
||||
# See https://stackoverflow.com/questions/16854041/bash-read-is-being-skipped-when-run-from-curl-pipe
|
||||
#
|
||||
# 2. It also has practical risks of running a partially downloaded script, which could be dangeresque
|
||||
# See https://news.ycombinator.com/item?id=12767636
|
||||
|
||||
set -e
|
||||
set -u
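Review bot: The new header explains why the installer is downloaded before it is run, but it does not say what, if anything, authenticates the downloaded file. That is the first question a reader auditing a download-and-run bootstrap will ask. I would add one line under "Why" stating the actual guarantee, in the form `# Integrity: <how the downloaded installer is verified before it runs>`, filled in from the code below this hunk, which is not visible here. Two wording nits in the same comment: it promises "1 good reason" but lists two, and the quoted `curl` command opens with `'` and closes with a backtick.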
|
||||
|
||||
|
|
|
@ -1,10 +1,29 @@
|
|||
#!/bin/bash
|
||||
#<pre><code>
|
||||
|
||||
# This is a 3 step process
|
||||
# 1. First we need to figure out whether to use wget or curl for fetching remote files
|
||||
# 2. Next we need to figure out whether to use unzip or tar for downloading releases
|
||||
# 3. We need to actually install the stuff
|
||||
# What does this do.. and why?
|
||||
# (and why is it so complicated?)
|
||||
#
|
||||
# What this does
|
||||
#
|
||||
# 1. Sets some vars and asks some questions
|
||||
# 2. Installs everything into a single place
|
||||
# (inculding deps like node.js, with the correct version)
|
||||
# 3. Depending on OS, creates a user for the service
|
||||
# 4. Depending on OS, register with system launcher
|
||||
#
|
||||
# Why
|
||||
#
|
||||
# So that you can get a fully configured, running product,
|
||||
# with zero manual configuration in a matter of seconds -
|
||||
# and have an uninstall that's just as easy.
|
||||
#
|
||||
# Why so complicated?
|
||||
#
|
||||
# To support nuance differences between various versions of
|
||||
# Linux, macOS, and Android, including whether it's being
|
||||
# installed with user privileges, as root, wit a system user
|
||||
# system daemon launcher, etc.
|
||||
|
||||
set -e
|
||||
set -u
|
||||
|
@ -20,6 +39,8 @@ my_app="telebit"
|
|||
my_bin="telebit.js"
|
||||
my_name="Telebit Remote"
|
||||
my_repo="telebit.js"
|
||||
my_root=${my_root:-} # todo better install script
|
||||
sudo_cmd="sudo"
|
||||
|
||||
if [ -z "${my_email}" ]; then
|
||||
echo ""
|
||||
|
@ -136,10 +157,28 @@ if type -p setcap >/dev/null 2>&1; then
|
|||
fi
|
||||
set -e
|
||||
|
||||
if [ -z "$(cat /etc/passwd | grep $my_user)" ]; then
|
||||
echo "sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user"
|
||||
sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
|
||||
set +e
|
||||
# TODO for macOS https://apple.stackexchange.com/questions/286749/how-to-add-a-user-from-the-command-line-in-macos
|
||||
if type -p adduser >/dev/null 2>/dev/null; then
|
||||
if [ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]; then
|
||||
$sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
|
||||
fi
|
||||
#my_user=$my_app_name
|
||||
my_group=$my_user
|
||||
elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
|
||||
# Linux (Ubuntu)
|
||||
my_user=www-data
|
||||
my_group=www-data
|
||||
elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
|
||||
# Mac
|
||||
my_user=_www
|
||||
my_group=_www
|
||||
else
|
||||
# Unsure
|
||||
my_user=$(id -u -n) # $(whoami)
|
||||
my_group=$(id -g -n)
|
||||
fi
|
||||
set -e
|
||||
|
||||
my_config="$TELEBIT_PATH/etc/$my_app.yml"
|
||||
mkdir -p "$(dirname $my_config)"
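Review bot: The account check `[ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]` is an unquoted, unanchored substring match. Any passwd line that merely contains the name (in a home directory or GECOS field, say) makes the script skip `adduser` and carry on with a `my_user` that does not exist. The block also runs under `set +e` with `adduser`'s output sent to `/dev/null`, so a failed `adduser` is equally silent. I would anchor and quote the test, `if ! grep -q "^${my_user}:" "$my_root/etc/passwd"; then`, quote `"$TELEBIT_PATH"` and `"$my_user"` on the `adduser` line, and report a non-zero `adduser` status on stderr. The final `else` branch falls back to `id -u -n`, which is root when the installer runs as root; how `my_user` is used afterwards is outside this hunk, but if it becomes the service account that fallback deserves a comment or a prompt.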
|
||||
|
|