diff --git a/.nfpm/postinstall.sh b/.nfpm/postinstall.sh index c3e1de5300fe44cd774c145abc1744c1fceba2f3..85b4f8a68972f491a3147344cf847505a46f161f 100755 --- a/.nfpm/postinstall.sh +++ b/.nfpm/postinstall.sh @@ -6,9 +6,12 @@ if ! command -V systemctl >/dev/null 2>&1; then exit 0 fi -echo "Enabling and starting soft.service" +systemd-sysusers +systemd-tmpfiles --create + +echo "Enabling and starting soft-server.service" systemctl daemon-reload -systemctl unmask soft.service -systemctl preset soft.service -systemctl enable soft.service -systemctl restart soft.service +systemctl unmask soft-serve.service +systemctl preset soft-serve.service +systemctl enable soft-serve.service +systemctl restart soft-serve.service diff --git a/.nfpm/postremove.sh b/.nfpm/postremove.sh index a079424b31ed51e1151d950a4165930462fcfb8e..64392df5f5f135e12c26b8f1ad6779d9f31a5844 100755 --- a/.nfpm/postremove.sh +++ b/.nfpm/postremove.sh @@ -6,6 +6,10 @@ if ! command -V systemctl >/dev/null 2>&1; then exit 0 fi -systemctl stop soft.service -systemctl disable soft.service +echo "Disabling and starting soft-server.service" +systemctl stop soft-serve.service +systemctl disable soft-serve.service systemctl daemon-reload +systemctl reset-failed + +echo "WARN: the soft-serve user/group and /var/lib/soft-serve directory were not removed" diff --git a/.nfpm/soft.conf b/.nfpm/soft-serve.conf similarity index 81% rename from .nfpm/soft.conf rename to .nfpm/soft-serve.conf index d50663825a1e09418939bb12dd5557a1650990a2..fb1380304ee35ef0285dca9b13cf09dadf99cda8 100644 --- a/.nfpm/soft.conf +++ b/.nfpm/soft-serve.conf @@ -1,6 +1,6 @@ +SOFT_SERVE_DATA_PATH=/var/lib/soft-serve +#SOFT_SERVE_BIND_ADDRESS=0.0.0.0 #SOFT_SERVE_PORT=23231 #SOFT_SERVE_HOST=domain.tld -#SOFT_SERVE_BIND_ADDRESS=0.0.0.0 #SOFT_SERVE_KEY_PATH=.ssh/soft_serve_server_ed25519 #SOFT_SERVE_INITIAL_ADMIN_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1...' -SOFT_SERVE_DATA_PATH=/var/local/lib/soft-serve diff --git a/.nfpm/soft.service b/.nfpm/soft-serve.service similarity index 89% rename from .nfpm/soft.service rename to .nfpm/soft-serve.service index 4c292720a35d9ba178d5e538a198c14ae3bedc82..8c2845e7c9f1e78f9b845ee85dc42284cdc55bf9 100644 --- a/.nfpm/soft.service +++ b/.nfpm/soft-serve.service @@ -4,8 +4,15 @@ Documentation=https://github.com/charmbracelet/soft-serve Requires=network-online.target After=network-online.target -[Install] -WantedBy=multi-user.target +[Service] +Type=simple +User=soft-serve +Group=soft-serve +Restart=always +RestartSec=1 +ExecStart=/usr/bin/soft serve +EnvironmentFile=-/etc/soft-serve.conf +WorkingDirectory=/var/lib/soft-serve # Hardening ReadWritePaths=/var/lib/soft-serve @@ -36,10 +43,5 @@ SystemCallFilter=@system-service SystemCallFilter=~@privileged @resources SystemCallArchitectures=native -[Service] -Type=simple -Restart=always -RestartSec=1 -ExecStartPre=mkdir -p /var/local/lib/soft-serve -ExecStart=/usr/bin/soft serve -EnvironmentFile=-/etc/soft.conf +[Install] +WantedBy=multi-user.target diff --git a/.nfpm/sysusers.conf b/.nfpm/sysusers.conf new file mode 100644 index 0000000000000000000000000000000000000000..fa4836c8e58f2cb6b6514d93be127551bf649b10 --- /dev/null +++ b/.nfpm/sysusers.conf @@ -0,0 +1 @@ +u soft-serve - "Soft Serve daemon user" /var/lib/soft-serve diff --git a/.nfpm/tmpfiles.conf b/.nfpm/tmpfiles.conf new file mode 100644 index 0000000000000000000000000000000000000000..bc6173685412bd760ae407e0ecd7713896408be4 --- /dev/null +++ b/.nfpm/tmpfiles.conf @@ -0,0 +1 @@ +d /var/lib/soft-serve 0750 soft-serve soft-serve