User directive in WireGuard service

2024-09-03 20:35:58 +02:00 · 2021-01-11 22:20:30 +01:00 · 2021-01-11 22:20:30 +01:00 · c7c7cd7e3f
commit c7c7cd7e3f
parent 823fe2e97e
7 changed files with 28 additions and 0 deletions
--- a/conf/sudoers.conf
+++ b/conf/sudoers.conf
@ -0,0 +1,3 @@
 Cmnd_Alias WIREGUARDSERVICE = /bin/systemctl restart wg-quick@wg0.service
 __USER__ ALL = NOPASSWD: WIREGUARDSERVICE
--- a/conf/wireguard.service
+++ b/conf/wireguard.service
@ -4,4 +4,6 @@ After=network.target
 [Service]
 Type=oneshot
 User=__APP__
 Group=__APP__
 ExecStart=/bin/systemctl restart wg-quick@wg0.service
--- a/scripts/backup
+++ b/scripts/backup
@ -63,6 +63,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
 ynh_backup --src_path=/etc/systemd/system/wireguard.path
 ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
 #=================================================
 # BACKUP VARIOUS FILES
--- a/scripts/install
+++ b/scripts/install
@ -114,6 +114,10 @@ ynh_script_progression --message="Configuring system user..." --weight=1
 # Create a system user
 ynh_system_user_create --username=$app
 # Ensure the system user has enough permissions
 install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
 ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
 #=================================================
 # SPECIFIC SETUP
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -94,6 +94,15 @@ then
 	ynh_exec_warn_less yunohost firewall disallow TCP $port_wg
 fi
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
 # REMOVE VARIOUS FILES
 #=================================================
 # Remove sudoers file
 ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -68,6 +68,9 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
 # Restore sudoers file
 ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -77,6 +77,12 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
 	fi
 fi
 # Add sudoers file if missing
 if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
 	install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
 	ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
 fi
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
		`@ -0,0 +1,3 @@`
							`Cmnd_Alias WIREGUARDSERVICE = /bin/systemctl restart wg-quick@wg0.service`

							`__USER__ ALL = NOPASSWD: WIREGUARDSERVICE`