Merge claude/1
commit
295ca2a9b4
27
init.sh
27
init.sh
@ -21,6 +21,8 @@
|
|||||||
# (Also: LP_CONTAINERS_DIR.) Put on its own disk if wanted.
|
# (Also: LP_CONTAINERS_DIR.) Put on its own disk if wanted.
|
||||||
# --backups-dir=PATH Root for backup repos. Default /libreportal-backups.
|
# --backups-dir=PATH Root for backup repos. Default /libreportal-backups.
|
||||||
# (Also: LP_BACKUPS_DIR.) Point at a separate disk/mount.
|
# (Also: LP_BACKUPS_DIR.) Point at a separate disk/mount.
|
||||||
|
# --manager-user=NAME Control-plane manager user (owns the install, runs the
|
||||||
|
# runtime). Default libreportal. (Also: LP_MANAGER_USER.)
|
||||||
# --allow-home Permit a containers/backups root inside /home/<user>
|
# --allow-home Permit a containers/backups root inside /home/<user>
|
||||||
# (needs rootless o+x traversal of that home — a privacy
|
# (needs rootless o+x traversal of that home — a privacy
|
||||||
# trade-off; refused without this flag).
|
# trade-off; refused without this flag).
|
||||||
@ -109,7 +111,11 @@ init_skip_docker_images=false
|
|||||||
init_allow_home=false
|
init_allow_home=false
|
||||||
|
|
||||||
install_param="init"
|
install_param="init"
|
||||||
sudo_user_name=libreportal
|
# Control-plane manager user — configurable via --manager-user= / LP_MANAGER_USER
|
||||||
|
# (default libreportal). Resolved early here (sudo_bashrc needs it); re-resolved
|
||||||
|
# after flag parsing in libreportalDerivePaths, and baked into the helpers/unit/
|
||||||
|
# wrapper at install (the __MANAGER__ placeholder).
|
||||||
|
sudo_user_name="${LP_MANAGER_USER:-libreportal}"
|
||||||
sshd_config="/etc/ssh/sshd_config"
|
sshd_config="/etc/ssh/sshd_config"
|
||||||
sudo_bashrc="/home/$sudo_user_name/.bashrc"
|
sudo_bashrc="/home/$sudo_user_name/.bashrc"
|
||||||
hosts_file="/etc/hosts"
|
hosts_file="/etc/hosts"
|
||||||
@ -159,6 +165,10 @@ libreportalDerivePaths() {
|
|||||||
install_scripts_dir="$script_dir/scripts/"
|
install_scripts_dir="$script_dir/scripts/"
|
||||||
containers_dir="$LP_CONTAINERS_DIR/"
|
containers_dir="$LP_CONTAINERS_DIR/"
|
||||||
backup_dir="$LP_BACKUPS_DIR"
|
backup_dir="$LP_BACKUPS_DIR"
|
||||||
|
|
||||||
|
# Control-plane manager user (configurable; default libreportal).
|
||||||
|
sudo_user_name="${LP_MANAGER_USER:-${sudo_user_name:-libreportal}}"
|
||||||
|
sudo_bashrc="/home/$sudo_user_name/.bashrc"
|
||||||
}
|
}
|
||||||
libreportalDerivePaths
|
libreportalDerivePaths
|
||||||
|
|
||||||
@ -167,6 +177,12 @@ libreportalDerivePaths
|
|||||||
# an unsafe choice; the root helpers also re-check at runtime (defence in depth).
|
# an unsafe choice; the root helpers also re-check at runtime (defence in depth).
|
||||||
libreportalValidatePaths() {
|
libreportalValidatePaths() {
|
||||||
local pair name d
|
local pair name d
|
||||||
|
# Manager username: must be a valid Linux username (it becomes a real account,
|
||||||
|
# a sudoers drop-in name, and the baked __MANAGER__ in the root helpers).
|
||||||
|
if [[ ! "$sudo_user_name" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
|
||||||
|
isError "Invalid manager user '$sudo_user_name' — use lowercase letters, digits, '_' or '-' (must start with a letter or '_')."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
for pair in "system:$LP_SYSTEM_DIR" "containers:$LP_CONTAINERS_DIR" "backups:$LP_BACKUPS_DIR"; do
|
for pair in "system:$LP_SYSTEM_DIR" "containers:$LP_CONTAINERS_DIR" "backups:$LP_BACKUPS_DIR"; do
|
||||||
name="${pair%%:*}"; d="${pair#*:}"
|
name="${pair%%:*}"; d="${pair#*:}"
|
||||||
case "$d" in
|
case "$d" in
|
||||||
@ -239,6 +255,7 @@ for ((i=1; i<=$#; i++)); do
|
|||||||
--system-dir=*) LP_SYSTEM_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
--system-dir=*) LP_SYSTEM_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
||||||
--containers-dir=*) LP_CONTAINERS_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
--containers-dir=*) LP_CONTAINERS_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
||||||
--backups-dir=*) LP_BACKUPS_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
--backups-dir=*) LP_BACKUPS_DIR="${!i#*=}"; ((init_shift_count++)) ;;
|
||||||
|
--manager-user=*) LP_MANAGER_USER="${!i#*=}"; ((init_shift_count++)) ;;
|
||||||
--allow-home) init_allow_home=true; ((init_shift_count++)) ;;
|
--allow-home) init_allow_home=true; ((init_shift_count++)) ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
@ -1108,7 +1125,9 @@ sudo tee -a "$command_script" >/dev/null <<'EOF'
|
|||||||
# LibrePortal Command Start
|
# LibrePortal Command Start
|
||||||
# LibrePortal Command Version 1.4
|
# LibrePortal Command Version 1.4
|
||||||
|
|
||||||
CHECK_USER="libreportal"
|
# Manager user baked at install (the __MANAGER__ placeholder); unbaked keeps "__".
|
||||||
|
CHECK_USER="__MANAGER__"; [[ "$CHECK_USER" == *"__"* ]] && CHECK_USER="libreportal"
|
||||||
|
LP_MANAGER_USER="$CHECK_USER"; export LP_MANAGER_USER
|
||||||
CURRENT_USER=$(whoami)
|
CURRENT_USER=$(whoami)
|
||||||
|
|
||||||
# Check if the script is run by the specified user
|
# Check if the script is run by the specified user
|
||||||
@ -1401,8 +1420,10 @@ else
|
|||||||
fi
|
fi
|
||||||
# LibrePortal Command End
|
# LibrePortal Command End
|
||||||
EOF
|
EOF
|
||||||
# Bake the three roots into the (root-owned) wrapper, same as the helpers.
|
# Bake the manager name + three roots into the (root-owned) wrapper, same as
|
||||||
|
# the helpers.
|
||||||
sudo sed -i \
|
sudo sed -i \
|
||||||
|
-e "s/__MANAGER__/${sudo_user_name}/g" \
|
||||||
-e "s#__SYSTEM_DIR__#${LP_SYSTEM_DIR}#g" \
|
-e "s#__SYSTEM_DIR__#${LP_SYSTEM_DIR}#g" \
|
||||||
-e "s#__CONTAINERS_DIR__#${LP_CONTAINERS_DIR}#g" \
|
-e "s#__CONTAINERS_DIR__#${LP_CONTAINERS_DIR}#g" \
|
||||||
-e "s#__BACKUPS_DIR__#${LP_BACKUPS_DIR}#g" \
|
-e "s#__BACKUPS_DIR__#${LP_BACKUPS_DIR}#g" \
|
||||||
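Review bot: The username pattern added in `libreportalValidatePaths` accepts names containing `__` (for example the constructed value `lp__admin`), but the baked wrapper line `[[ "$CHECK_USER" == *"__"* ]] && CHECK_USER="libreportal"` treats any value containing `__` as an unbaked placeholder. Such an install would silently check against and export `libreportal` instead of the configured account. Rejecting the sequence at validation keeps the two in agreement: `if [[ ! "$sudo_user_name" =~ ^[a-z_][a-z0-9_-]*$ || "$sudo_user_name" == *__* ]]; then`. The pattern also lets `root` and other existing system account names through and sets no length limit; since the comment says the value becomes a real account and a sudoers drop-in name, an explicit refusal of `root` is worth adding in the same check. Both `libreportalValidatePaths` and the wrapper heredoc continue outside the hunks shown.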
|
|||||||
@ -13,8 +13,7 @@ resolveDockerInstallUser()
|
|||||||
else
|
else
|
||||||
docker_install_user="$sudo_user_name"
|
docker_install_user="$sudo_user_name"
|
||||||
fi
|
fi
|
||||||
[[ -z "$docker_install_user" ]] && docker_install_user="$sudo_user_name"
|
[[ -z "$docker_install_user" ]] && docker_install_user="${sudo_user_name:-libreportal}"
|
||||||
[[ -z "$docker_install_user" ]] && docker_install_user="libreportal"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
checkInstallTypeRequirement()
|
checkInstallTypeRequirement()
|
||||||
|
|||||||
@ -222,7 +222,7 @@ installCrowdsecHost()
|
|||||||
bouncer_key=$(runSystem cscli bouncers add traefik-bouncer -o raw 2>&1 | tail -1)
|
bouncer_key=$(runSystem cscli bouncers add traefik-bouncer -o raw 2>&1 | tail -1)
|
||||||
if [[ -n "$bouncer_key" && "$bouncer_key" != *"error"* ]]; then
|
if [[ -n "$bouncer_key" && "$bouncer_key" != *"error"* ]]; then
|
||||||
echo "$bouncer_key" | sudo tee "$key_file" >/dev/null
|
echo "$bouncer_key" | sudo tee "$key_file" >/dev/null
|
||||||
sudo chown libreportal:libreportal "$key_file"
|
sudo chown "$sudo_user_name:$sudo_user_name" "$key_file"
|
||||||
sudo chmod 0600 "$key_file"
|
sudo chmod 0600 "$key_file"
|
||||||
checkSuccess "Traefik bouncer API key generated"
|
checkSuccess "Traefik bouncer API key generated"
|
||||||
|
|
||||||
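Review bot: The new `sudo chown "$sudo_user_name:$sudo_user_name" "$key_file"` assumes a group with the same name as the manager user exists, which held for the fixed `libreportal` account but is not guaranteed for a configurable one that may already exist with a different primary group. `sudo chown "$sudo_user_name:" "$key_file"` assigns the user's login group instead and does not depend on that. The chown result is also not checked, so, assuming `checkSuccess` reads the last exit status, only the `chmod` outcome is reported. Because `tee` creates the key file before `chmod 0600` runs, the bouncer key may briefly exist at the default mode. `installCrowdsecHost` starts and ends outside this hunk.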
|
|||||||
@ -60,3 +60,7 @@ containers_dir="$LP_CONTAINERS_DIR/"
|
|||||||
|
|
||||||
# --- Derived: backups tree (container-user-owned; own mount-able) -----------
|
# --- Derived: backups tree (container-user-owned; own mount-able) -----------
|
||||||
backup_dir="$LP_BACKUPS_DIR"
|
backup_dir="$LP_BACKUPS_DIR"
|
||||||
|
|
||||||
|
# --- Control-plane manager user (configurable; baked into helpers at install) -
|
||||||
|
# The systemd unit + CLI wrapper export LP_MANAGER_USER; else default libreportal.
|
||||||
|
sudo_user_name="${LP_MANAGER_USER:-libreportal}"
|
||||||
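Review bot: `sudo_user_name="${LP_MANAGER_USER:-libreportal}"` takes the manager name straight from the environment, and the character check added in init.sh's `libreportalValidatePaths` is not repeated here. If this file is sourced by anything that later uses `$sudo_user_name` in a path or an ownership change (not visible in this hunk), an unexpected `LP_MANAGER_USER` value would flow through unchecked. Re-applying the same test after the assignment would close that: `[[ "$sudo_user_name" =~ ^[a-z_][a-z0-9_-]*$ ]] || sudo_user_name="libreportal"`.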
|
|||||||
@ -58,11 +58,12 @@ Type=simple
|
|||||||
User=$MANAGER
|
User=$MANAGER
|
||||||
Group=$MANAGER
|
Group=$MANAGER
|
||||||
WorkingDirectory=$INSTALL_SCRIPTS_DIR
|
WorkingDirectory=$INSTALL_SCRIPTS_DIR
|
||||||
# Relocatable path roots — baked here by root so the processor resolves them
|
# Relocatable path roots + manager user — baked here by root so the processor
|
||||||
# authoritatively (not via the legacy compat default in paths.sh).
|
# resolves them authoritatively (not via the legacy compat default in paths.sh).
|
||||||
Environment=LP_SYSTEM_DIR=$SYSTEM_DIR
|
Environment=LP_SYSTEM_DIR=$SYSTEM_DIR
|
||||||
Environment=LP_CONTAINERS_DIR=$CONTAINERS_DIR
|
Environment=LP_CONTAINERS_DIR=$CONTAINERS_DIR
|
||||||
Environment=LP_BACKUPS_DIR=$BACKUPS_DIR
|
Environment=LP_BACKUPS_DIR=$BACKUPS_DIR
|
||||||
|
Environment=LP_MANAGER_USER=$MANAGER
|
||||||
ExecStart=$TASK_PROCESSOR start_script
|
ExecStart=$TASK_PROCESSOR start_script
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|||||||