Merge pull request #44 from YunoHost-Apps/enh-headers

Simplify linux-headers dependency

conf/sudoers.conf

@@ -1,2 +0,0 @@
-Cmnd_Alias WIREGUARDSERVICE = /usr/bin/systemctl restart wg-quick@wg0.service
-%__USER__ ALL = NOPASSWD: WIREGUARDSERVICE

conf/wireguard@.path

@@ -0,0 +1,8 @@
+[Unit]
+Description=Watch WireGuard %I.conf for changes
+
+[Path]
+PathModified=/etc/wireguard/%I.conf
+
+[Install]
+WantedBy=multi-user.target

conf/wireguard@.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=WireGuard on %I
+After=network-online.target nss-lookup.target
+Wants=network-online.target nss-lookup.target
+
+[Service]
+Type=oneshot
+User=root
+RemainAfterExit=yes
+ExecStart=/bin/systemctl restart wg-quick@%I.service
+ExecStop=/bin/systemctl stop wg-quick@%I.service
+
+[Install]
+WantedBy=multi-user.target

conf/wireguard_ui_conf.path

@@ -1,8 +0,0 @@
-[Unit]
-Description=Watch WireGuard wg0.conf for changes
-
-[Path]
-PathModified=/etc/wireguard/wg0.conf
-
-[Install]
-WantedBy=multi-user.target

conf/wireguard_ui_conf.service

@@ -1,9 +0,0 @@
-[Unit]
-Description=WireGuard restart
-After=network.target
-
-[Service]
-Type=oneshot
-User=__APP__
-Group=__APP__
-ExecStart=sudo /usr/bin/systemctl restart wg-quick@wg0.service

scripts/_common.sh

@@ -7,11 +7,7 @@
 # WireGuard was integrated in Linux kernel 5.6
 # Before that, we need Linux Headers
 if dpkg --compare-versions $(uname -r) lt 5.6; then
-    if grep "Raspberry Pi" /proc/device-tree/model; then
-        pkg_headers="raspberrypi-kernel-headers"
-    else
-        pkg_headers="linux-headers-$(uname -r)"
-    fi
+    pkg_headers="raspberrypi-kernel-headers|linux-headers-generic|linux-headers-virtual|linux-headers-$(uname -r)"
 else
     pkg_headers=""
 fi

scripts/backup

@@ -55,9 +55,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 
 ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
-ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.path
-ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.service
-ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
+ynh_backup --src_path=/etc/systemd/system/wireguard@.path
+ynh_backup --src_path=/etc/systemd/system/wireguard@.service
 
 #=================================================
 # BACKUP VARIOUS FILES

scripts/install

@@ -87,7 +87,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
 # Update the list of package with the new repo
 ynh_package_update
 
-ynh_add_app_dependencies --package="$pkg_dependencies"
+ynh_install_app_dependencies --package="$pkg_dependencies"
 
 # Remove buster-backports repo and pin-priority
 ynh_remove_extra_repo --name=$app
@@ -117,10 +117,6 @@ ynh_script_progression --message="Configuring system user..." --weight=1
 # Create a system user
 ynh_system_user_create --username=$app
 
-# Ensure the system user has enough permissions
-install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
-ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
-
 #=================================================
 # SPECIFIC SETUP
 #=================================================
@@ -151,12 +147,12 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
 ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
 
 # Create a dedicated systemd config for monitoring WireGuard's configuration
-cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
-systemctl enable --quiet wireguard_ui_conf.path
+cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
+systemctl enable --quiet wireguard@wg0.path
 
-# Create a dedicated systemd config for restarting WireGuard when its configuration changes
-ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
-systemctl enable --quiet wireguard_ui_conf.service
+# Create a dedicated systemd config for WireGuard
+cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
+systemctl enable --quiet wireguard@wg0.service
 
 #=================================================
 # GENERIC FINALIZATION
@@ -178,13 +174,13 @@ chown -R $app: /etc/wireguard
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
+yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
 yunohost service add wireguard_ui --description="WireGuard UI"
 
 #=================================================
-# START SYSTEMD SERVICE
+# START UI SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
+ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
 
 # Start a systemd service
 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30

scripts/remove

@@ -35,10 +35,10 @@ then
 	yunohost service remove wireguard_ui
 fi
 
-if ynh_exec_warn_less yunohost service status wg-quick@wg0 >/dev/null
+if ynh_exec_warn_less yunohost service status wireguard@wg0 >/dev/null
 then
 	ynh_script_progression --message="Removing WireGuard service integration..." --weight=1
-	yunohost service remove wg-quick@wg0
+	yunohost service remove wireguard@wg0
 fi
 
 #=================================================
@@ -47,13 +47,14 @@ fi
 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
 
 # YunoHost does not handle services not ending with .service, let's remove it manually
-systemctl stop wireguard_ui_conf.path
-systemctl disable wireguard_ui_conf.path --quiet
-ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
-systemctl daemon-reload
+systemctl stop wireguard@wg0.path
+systemctl disable wireguard@wg0.path --quiet
+ynh_secure_remove --file="/etc/systemd/system/wireguard@.path"
+
+systemctl stop wireguard@wg0.service
+systemctl disable wireguard@wg0.service --quiet
+ynh_secure_remove --file="/etc/systemd/system/wireguard@.service"
 
-# Remove the dedicated systemd configs
-ynh_remove_systemd_config --service=wireguard_ui_conf
 ynh_remove_systemd_config --service=wireguard_ui
 
 #=================================================

scripts/restore

@@ -65,9 +65,6 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
 
-# Restore sudoers file
-ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
-
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
@@ -102,7 +99,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
 # Update the list of package with the new repo
 ynh_package_update
 
-ynh_add_app_dependencies --package="$pkg_dependencies"
+ynh_install_app_dependencies --package="$pkg_dependencies"
 
 #Remove buster-backports repo and pin-priority
 ynh_remove_extra_repo --name=$app
@@ -113,19 +110,19 @@ ynh_remove_extra_repo --name=$app
 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
 
 ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service
-ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.path
-ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.service
+ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.path
+ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.service
 
 systemctl enable --quiet wireguard_ui.service
-systemctl enable --quiet wireguard_ui_conf.path
-systemctl enable --quiet wireguard_ui_conf.service
+systemctl enable --quiet wireguard@wg0.path
+systemctl enable --quiet wireguard@wg0.service
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
+yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
 yunohost service add wireguard_ui --description="WireGuard UI"
 
 #=================================================
@@ -135,12 +132,11 @@ yunohost service add wireguard_ui --description="WireGuard UI"
 ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory
 
 #=================================================
-# START SYSTEMD SERVICE
+# START UI SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
+ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
 
 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
-sleep 5
 
 #=================================================
 # GENERIC FINALIZATION

scripts/upgrade

@@ -92,18 +92,21 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
 	fi
 fi
 
-# Add sudoers file if missing
+# Drop sudoers file if present
 if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
-	install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
-	ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
+	ynh_secure_remove /etc/sudoers.d/${app}_ynh
 fi
 
 # Remove deprecated services
-if systemctl list-units --full -all | grep -Fq "wireguard.path"; then
-	systemctl disable --now --quiet wireguard.path
-	ynh_secure_remove --file="/etc/systemd/system/wireguard.path"
+if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.path"; then
+	systemctl disable --now --quiet wireguard_ui_conf.path
+	ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
+fi
+if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.service"; then
+	systemctl disable --now --quiet wireguard_ui_conf.service
+	ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.service"
+	yunohost service remove wireguard_ui_conf
 fi
-ynh_remove_systemd_config --service="wireguard.service"
 
 #=================================================
 # STANDARD UPGRADE STEPS
@@ -113,7 +116,7 @@ ynh_remove_systemd_config --service="wireguard.service"
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
 ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
-ynh_systemd_action --service_name=wg-quick@wg0 --action="stop" --line_match="Stopped WireGuard via wg-quick(8) for wg0." --log_path="systemd" --timeout=30
+ynh_systemd_action --service_name=wireguard@wg0 --action="stop"
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@@ -154,7 +157,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
 # Update the list of package with the new repo
 ynh_package_update
 
-ynh_add_app_dependencies --package="$pkg_dependencies"
+ynh_install_app_dependencies --package="$pkg_dependencies"
 
 # Remove buster-backports repo and pin-priority
 ynh_remove_extra_repo --name=$app
@@ -176,12 +179,12 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
 ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
 
 # Create a dedicated systemd config for monitoring WireGuard's configuration
-cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
-systemctl enable --quiet wireguard_ui_conf.path
+cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
+systemctl enable --quiet wireguard@wg0.path
 
 # Create a dedicated systemd config for restarting WireGuard when its configuration changes
-ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
-systemctl enable --quiet wireguard_ui_conf.service
+cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
+systemctl enable --quiet wireguard@wg0.service
 
 #=================================================
 # CONFIGURING WIREGUARD
@@ -214,17 +217,16 @@ chown -R $app: /etc/wireguard
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
+yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
 yunohost service add wireguard_ui --description="WireGuard UI"
 
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
+ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
 
 # Start a systemd service
 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
-sleep 5
 
 #=================================================
 # RELOAD NGINX