1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wireguard_ynh.git synced 2024-09-03 20:35:58 +02:00

Merge pull request #44 from YunoHost-Apps/enh-headers

Simplify linux-headers dependency
This commit is contained in:
tituspijean 2021-12-22 15:30:22 +01:00 committed by GitHub
commit d4954f3430
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 69 additions and 76 deletions

View file

@ -1,2 +0,0 @@
Cmnd_Alias WIREGUARDSERVICE = /usr/bin/systemctl restart wg-quick@wg0.service
%__USER__ ALL = NOPASSWD: WIREGUARDSERVICE

8
conf/wireguard@.path Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Watch WireGuard %I.conf for changes
[Path]
PathModified=/etc/wireguard/%I.conf
[Install]
WantedBy=multi-user.target

14
conf/wireguard@.service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=WireGuard on %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
[Service]
Type=oneshot
User=root
RemainAfterExit=yes
ExecStart=/bin/systemctl restart wg-quick@%I.service
ExecStop=/bin/systemctl stop wg-quick@%I.service
[Install]
WantedBy=multi-user.target

View file

@ -1,8 +0,0 @@
[Unit]
Description=Watch WireGuard wg0.conf for changes
[Path]
PathModified=/etc/wireguard/wg0.conf
[Install]
WantedBy=multi-user.target

View file

@ -1,9 +0,0 @@
[Unit]
Description=WireGuard restart
After=network.target
[Service]
Type=oneshot
User=__APP__
Group=__APP__
ExecStart=sudo /usr/bin/systemctl restart wg-quick@wg0.service

View file

@ -7,11 +7,7 @@
# WireGuard was integrated in Linux kernel 5.6
# Before that, we need Linux Headers
if dpkg --compare-versions $(uname -r) lt 5.6; then
if grep "Raspberry Pi" /proc/device-tree/model; then
pkg_headers="raspberrypi-kernel-headers"
else
pkg_headers="linux-headers-$(uname -r)"
fi
pkg_headers="raspberrypi-kernel-headers|linux-headers-generic|linux-headers-virtual|linux-headers-$(uname -r)"
else
pkg_headers=""
fi

View file

@ -55,9 +55,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.path
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.service
ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
ynh_backup --src_path=/etc/systemd/system/wireguard@.path
ynh_backup --src_path=/etc/systemd/system/wireguard@.service
#=================================================
# BACKUP VARIOUS FILES

View file

@ -87,7 +87,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
# Update the list of package with the new repo
ynh_package_update
ynh_add_app_dependencies --package="$pkg_dependencies"
ynh_install_app_dependencies --package="$pkg_dependencies"
# Remove buster-backports repo and pin-priority
ynh_remove_extra_repo --name=$app
@ -117,10 +117,6 @@ ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app
# Ensure the system user has enough permissions
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
#=================================================
# SPECIFIC SETUP
#=================================================
@ -151,12 +147,12 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
# Create a dedicated systemd config for monitoring WireGuard's configuration
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
systemctl enable --quiet wireguard_ui_conf.path
cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
systemctl enable --quiet wireguard@wg0.path
# Create a dedicated systemd config for restarting WireGuard when its configuration changes
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
systemctl enable --quiet wireguard_ui_conf.service
# Create a dedicated systemd config for WireGuard
cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
systemctl enable --quiet wireguard@wg0.service
#=================================================
# GENERIC FINALIZATION
@ -178,13 +174,13 @@ chown -R $app: /etc/wireguard
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description="WireGuard UI"
#=================================================
# START SYSTEMD SERVICE
# START UI SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30

View file

@ -35,10 +35,10 @@ then
yunohost service remove wireguard_ui
fi
if ynh_exec_warn_less yunohost service status wg-quick@wg0 >/dev/null
if ynh_exec_warn_less yunohost service status wireguard@wg0 >/dev/null
then
ynh_script_progression --message="Removing WireGuard service integration..." --weight=1
yunohost service remove wg-quick@wg0
yunohost service remove wireguard@wg0
fi
#=================================================
@ -47,13 +47,14 @@ fi
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# YunoHost does not handle services not ending with .service, let's remove it manually
systemctl stop wireguard_ui_conf.path
systemctl disable wireguard_ui_conf.path --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
systemctl daemon-reload
systemctl stop wireguard@wg0.path
systemctl disable wireguard@wg0.path --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard@.path"
systemctl stop wireguard@wg0.service
systemctl disable wireguard@wg0.service --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard@.service"
# Remove the dedicated systemd configs
ynh_remove_systemd_config --service=wireguard_ui_conf
ynh_remove_systemd_config --service=wireguard_ui
#=================================================

View file

@ -65,9 +65,6 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
# Restore sudoers file
ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
#=================================================
# RESTORE USER RIGHTS
#=================================================
@ -102,7 +99,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
# Update the list of package with the new repo
ynh_package_update
ynh_add_app_dependencies --package="$pkg_dependencies"
ynh_install_app_dependencies --package="$pkg_dependencies"
#Remove buster-backports repo and pin-priority
ynh_remove_extra_repo --name=$app
@ -113,19 +110,19 @@ ynh_remove_extra_repo --name=$app
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.path
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.service
ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.path
ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.service
systemctl enable --quiet wireguard_ui.service
systemctl enable --quiet wireguard_ui_conf.path
systemctl enable --quiet wireguard_ui_conf.service
systemctl enable --quiet wireguard@wg0.path
systemctl enable --quiet wireguard@wg0.service
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description="WireGuard UI"
#=================================================
@ -135,12 +132,11 @@ yunohost service add wireguard_ui --description="WireGuard UI"
ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory
#=================================================
# START SYSTEMD SERVICE
# START UI SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
sleep 5
#=================================================
# GENERIC FINALIZATION

View file

@ -92,18 +92,21 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
fi
fi
# Add sudoers file if missing
# Drop sudoers file if present
if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
ynh_secure_remove /etc/sudoers.d/${app}_ynh
fi
# Remove deprecated services
if systemctl list-units --full -all | grep -Fq "wireguard.path"; then
systemctl disable --now --quiet wireguard.path
ynh_secure_remove --file="/etc/systemd/system/wireguard.path"
if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.path"; then
systemctl disable --now --quiet wireguard_ui_conf.path
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
fi
if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.service"; then
systemctl disable --now --quiet wireguard_ui_conf.service
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.service"
yunohost service remove wireguard_ui_conf
fi
ynh_remove_systemd_config --service="wireguard.service"
#=================================================
# STANDARD UPGRADE STEPS
@ -113,7 +116,7 @@ ynh_remove_systemd_config --service="wireguard.service"
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
ynh_systemd_action --service_name=wg-quick@wg0 --action="stop" --line_match="Stopped WireGuard via wg-quick(8) for wg0." --log_path="systemd" --timeout=30
ynh_systemd_action --service_name=wireguard@wg0 --action="stop"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -154,7 +157,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
# Update the list of package with the new repo
ynh_package_update
ynh_add_app_dependencies --package="$pkg_dependencies"
ynh_install_app_dependencies --package="$pkg_dependencies"
# Remove buster-backports repo and pin-priority
ynh_remove_extra_repo --name=$app
@ -176,12 +179,12 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
# Create a dedicated systemd config for monitoring WireGuard's configuration
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
systemctl enable --quiet wireguard_ui_conf.path
cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
systemctl enable --quiet wireguard@wg0.path
# Create a dedicated systemd config for restarting WireGuard when its configuration changes
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
systemctl enable --quiet wireguard_ui_conf.service
cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
systemctl enable --quiet wireguard@wg0.service
#=================================================
# CONFIGURING WIREGUARD
@ -214,17 +217,16 @@ chown -R $app: /etc/wireguard
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description="WireGuard UI"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
sleep 5
#=================================================
# RELOAD NGINX