mirror of
https://github.com/YunoHost-Apps/wireguard_ynh.git
synced 2024-09-03 20:35:58 +02:00
Merge pull request #44 from YunoHost-Apps/enh-headers
Simplify linux-headers dependency
This commit is contained in:
commit
d4954f3430
11 changed files with 69 additions and 76 deletions
|
@ -1,2 +0,0 @@
|
|||
Cmnd_Alias WIREGUARDSERVICE = /usr/bin/systemctl restart wg-quick@wg0.service
|
||||
%__USER__ ALL = NOPASSWD: WIREGUARDSERVICE
|
8
conf/wireguard@.path
Normal file
8
conf/wireguard@.path
Normal file
|
@ -0,0 +1,8 @@
|
|||
[Unit]
|
||||
Description=Watch WireGuard %I.conf for changes
|
||||
|
||||
[Path]
|
||||
PathModified=/etc/wireguard/%I.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
14
conf/wireguard@.service
Normal file
14
conf/wireguard@.service
Normal file
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=WireGuard on %I
|
||||
After=network-online.target nss-lookup.target
|
||||
Wants=network-online.target nss-lookup.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User=root
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/bin/systemctl restart wg-quick@%I.service
|
||||
ExecStop=/bin/systemctl stop wg-quick@%I.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,8 +0,0 @@
|
|||
[Unit]
|
||||
Description=Watch WireGuard wg0.conf for changes
|
||||
|
||||
[Path]
|
||||
PathModified=/etc/wireguard/wg0.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=WireGuard restart
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
ExecStart=sudo /usr/bin/systemctl restart wg-quick@wg0.service
|
|
@ -7,11 +7,7 @@
|
|||
# WireGuard was integrated in Linux kernel 5.6
|
||||
# Before that, we need Linux Headers
|
||||
if dpkg --compare-versions $(uname -r) lt 5.6; then
|
||||
if grep "Raspberry Pi" /proc/device-tree/model; then
|
||||
pkg_headers="raspberrypi-kernel-headers"
|
||||
else
|
||||
pkg_headers="linux-headers-$(uname -r)"
|
||||
fi
|
||||
pkg_headers="raspberrypi-kernel-headers|linux-headers-generic|linux-headers-virtual|linux-headers-$(uname -r)"
|
||||
else
|
||||
pkg_headers=""
|
||||
fi
|
||||
|
|
|
@ -55,9 +55,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
|||
#=================================================
|
||||
|
||||
ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
|
||||
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.path
|
||||
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.service
|
||||
ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
|
||||
ynh_backup --src_path=/etc/systemd/system/wireguard@.path
|
||||
ynh_backup --src_path=/etc/systemd/system/wireguard@.service
|
||||
|
||||
#=================================================
|
||||
# BACKUP VARIOUS FILES
|
||||
|
|
|
@ -87,7 +87,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
|
|||
# Update the list of package with the new repo
|
||||
ynh_package_update
|
||||
|
||||
ynh_add_app_dependencies --package="$pkg_dependencies"
|
||||
ynh_install_app_dependencies --package="$pkg_dependencies"
|
||||
|
||||
# Remove buster-backports repo and pin-priority
|
||||
ynh_remove_extra_repo --name=$app
|
||||
|
@ -117,10 +117,6 @@ ynh_script_progression --message="Configuring system user..." --weight=1
|
|||
# Create a system user
|
||||
ynh_system_user_create --username=$app
|
||||
|
||||
# Ensure the system user has enough permissions
|
||||
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
|
||||
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
|
@ -151,12 +147,12 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
|||
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
|
||||
|
||||
# Create a dedicated systemd config for monitoring WireGuard's configuration
|
||||
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
|
||||
systemctl enable --quiet wireguard_ui_conf.path
|
||||
cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
|
||||
systemctl enable --quiet wireguard@wg0.path
|
||||
|
||||
# Create a dedicated systemd config for restarting WireGuard when its configuration changes
|
||||
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
|
||||
systemctl enable --quiet wireguard_ui_conf.service
|
||||
# Create a dedicated systemd config for WireGuard
|
||||
cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
|
||||
systemctl enable --quiet wireguard@wg0.service
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
@ -178,13 +174,13 @@ chown -R $app: /etc/wireguard
|
|||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||
|
||||
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard_ui --description="WireGuard UI"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
# START UI SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
|
||||
|
|
|
@ -35,10 +35,10 @@ then
|
|||
yunohost service remove wireguard_ui
|
||||
fi
|
||||
|
||||
if ynh_exec_warn_less yunohost service status wg-quick@wg0 >/dev/null
|
||||
if ynh_exec_warn_less yunohost service status wireguard@wg0 >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing WireGuard service integration..." --weight=1
|
||||
yunohost service remove wg-quick@wg0
|
||||
yunohost service remove wireguard@wg0
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
|
@ -47,13 +47,14 @@ fi
|
|||
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
|
||||
|
||||
# YunoHost does not handle services not ending with .service, let's remove it manually
|
||||
systemctl stop wireguard_ui_conf.path
|
||||
systemctl disable wireguard_ui_conf.path --quiet
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
|
||||
systemctl daemon-reload
|
||||
systemctl stop wireguard@wg0.path
|
||||
systemctl disable wireguard@wg0.path --quiet
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard@.path"
|
||||
|
||||
systemctl stop wireguard@wg0.service
|
||||
systemctl disable wireguard@wg0.service --quiet
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard@.service"
|
||||
|
||||
# Remove the dedicated systemd configs
|
||||
ynh_remove_systemd_config --service=wireguard_ui_conf
|
||||
ynh_remove_systemd_config --service=wireguard_ui
|
||||
|
||||
#=================================================
|
||||
|
|
|
@ -65,9 +65,6 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
|
|||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app
|
||||
|
||||
# Restore sudoers file
|
||||
ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
#=================================================
|
||||
|
@ -102,7 +99,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
|
|||
# Update the list of package with the new repo
|
||||
ynh_package_update
|
||||
|
||||
ynh_add_app_dependencies --package="$pkg_dependencies"
|
||||
ynh_install_app_dependencies --package="$pkg_dependencies"
|
||||
|
||||
#Remove buster-backports repo and pin-priority
|
||||
ynh_remove_extra_repo --name=$app
|
||||
|
@ -113,19 +110,19 @@ ynh_remove_extra_repo --name=$app
|
|||
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service
|
||||
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.path
|
||||
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.service
|
||||
ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.path
|
||||
ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.service
|
||||
|
||||
systemctl enable --quiet wireguard_ui.service
|
||||
systemctl enable --quiet wireguard_ui_conf.path
|
||||
systemctl enable --quiet wireguard_ui_conf.service
|
||||
systemctl enable --quiet wireguard@wg0.path
|
||||
systemctl enable --quiet wireguard@wg0.service
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||
|
||||
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard_ui --description="WireGuard UI"
|
||||
|
||||
#=================================================
|
||||
|
@ -135,12 +132,11 @@ yunohost service add wireguard_ui --description="WireGuard UI"
|
|||
ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
# START UI SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
|
||||
|
||||
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
|
||||
sleep 5
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
|
|
@ -92,18 +92,21 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
|
|||
fi
|
||||
fi
|
||||
|
||||
# Add sudoers file if missing
|
||||
# Drop sudoers file if present
|
||||
if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
|
||||
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
|
||||
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
|
||||
ynh_secure_remove /etc/sudoers.d/${app}_ynh
|
||||
fi
|
||||
|
||||
# Remove deprecated services
|
||||
if systemctl list-units --full -all | grep -Fq "wireguard.path"; then
|
||||
systemctl disable --now --quiet wireguard.path
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard.path"
|
||||
if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.path"; then
|
||||
systemctl disable --now --quiet wireguard_ui_conf.path
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
|
||||
fi
|
||||
if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.service"; then
|
||||
systemctl disable --now --quiet wireguard_ui_conf.service
|
||||
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.service"
|
||||
yunohost service remove wireguard_ui_conf
|
||||
fi
|
||||
ynh_remove_systemd_config --service="wireguard.service"
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
|
@ -113,7 +116,7 @@ ynh_remove_systemd_config --service="wireguard.service"
|
|||
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||
|
||||
ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
|
||||
ynh_systemd_action --service_name=wg-quick@wg0 --action="stop" --line_match="Stopped WireGuard via wg-quick(8) for wg0." --log_path="systemd" --timeout=30
|
||||
ynh_systemd_action --service_name=wireguard@wg0 --action="stop"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
|
@ -154,7 +157,7 @@ ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debi
|
|||
# Update the list of package with the new repo
|
||||
ynh_package_update
|
||||
|
||||
ynh_add_app_dependencies --package="$pkg_dependencies"
|
||||
ynh_install_app_dependencies --package="$pkg_dependencies"
|
||||
|
||||
# Remove buster-backports repo and pin-priority
|
||||
ynh_remove_extra_repo --name=$app
|
||||
|
@ -176,12 +179,12 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
|
|||
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
|
||||
|
||||
# Create a dedicated systemd config for monitoring WireGuard's configuration
|
||||
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
|
||||
systemctl enable --quiet wireguard_ui_conf.path
|
||||
cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
|
||||
systemctl enable --quiet wireguard@wg0.path
|
||||
|
||||
# Create a dedicated systemd config for restarting WireGuard when its configuration changes
|
||||
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service
|
||||
systemctl enable --quiet wireguard_ui_conf.service
|
||||
cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
|
||||
systemctl enable --quiet wireguard@wg0.service
|
||||
|
||||
#=================================================
|
||||
# CONFIGURING WIREGUARD
|
||||
|
@ -214,17 +217,16 @@ chown -R $app: /etc/wireguard
|
|||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||
|
||||
yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
|
||||
yunohost service add wireguard_ui --description="WireGuard UI"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
|
||||
sleep 5
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
|
|
Loading…
Add table
Reference in a new issue