#!/bin/bash # LibrePortal task-processor systemd helper — the only root-privileged management # of the libreportal-taskprocessor.service unit the manager may trigger. Installed root:root # 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from # config (mode + install-user uid + the baked manager name + fixed script paths) # — it does NOT accept unit content from the caller (that would be root: an # arbitrary systemd unit runs anything as root). So the scoped sudoers can allow # it instead of blanket `sudo tee /etc/systemd/...` + `sudo systemctl`. # # Idempotent: only rewrites + daemon-reloads + restarts when the unit changed, # else just ensures it's enabled + running (no needless restart of in-flight work). set -u [[ $EUID -eq 0 ]] || { echo "libreportal-svc: must run as root" >&2; exit 1; } # Baked at install (placeholders replaced). Unbaked copies still contain the "__" # sentinel, which no real absolute path does — fall back to defaults then. MANAGER="__MANAGER__" SYSTEM_DIR="__SYSTEM_DIR__" CONTAINERS_DIR="__CONTAINERS_DIR__" BACKUPS_DIR="__BACKUPS_DIR__" [[ "$MANAGER" == *"__"* || -z "$MANAGER" ]] && MANAGER="libreportal" [[ "$SYSTEM_DIR" == *"__"* || -z "$SYSTEM_DIR" ]] && SYSTEM_DIR="/libreportal-system" [[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers" [[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups" SERVICE_NAME="libreportal-taskprocessor.service" SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME" # Pre-rename unit name — removed on install so an upgraded box doesn't keep a # duplicate/orphan processor running under the old name. LEGACY_SERVICE_NAME="libreportal.service" LEGACY_SERVICE_FILE="/etc/systemd/system/$LEGACY_SERVICE_NAME" INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts" TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh" DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install" _mode() { local m m=$(grep -h '^CFG_DOCKER_INSTALL_TYPE=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}') echo "${m:-rootless}" } _gen_unit() { local env_block="" if [[ "$(_mode)" == "rootless" ]]; then local u uid u=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}') uid=$(id -u "${u:-dockerinstall}" 2>/dev/null) if [[ -n "$uid" ]]; then env_block="Environment=DOCKER_HOST=unix:///run/user/${uid}/docker.sock Environment=XDG_RUNTIME_DIR=/run/user/${uid}" fi fi cat </dev/null 2>&1 rm -f "$LEGACY_SERVICE_FILE" systemctl daemon-reload fi } install_unit() { _drop_legacy local desired current="" desired="$(_gen_unit)" [[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)" if [[ "$desired" != "$current" ]]; then printf '%s\n' "$desired" > "$SERVICE_FILE" systemctl daemon-reload systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 systemctl restart "$SERVICE_NAME" echo "updated" else systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 systemctl is-active --quiet "$SERVICE_NAME" || systemctl start "$SERVICE_NAME" echo "unchanged" fi } action="${1:-}" case "$action" in install) install_unit ;; enable) systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 ;; restart) systemctl restart "$SERVICE_NAME" ;; start) systemctl start "$SERVICE_NAME" ;; status) systemctl is-active "$SERVICE_NAME" ;; *) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;; esac