LibrePortal/scripts/webui/webui_install_systemd.sh
librelad c9445b4e78 fix(rootless): task service DOCKER_HOST points at the install user's socket
The rootless task-processor service env used id -u $sudo_user_name (the
manager, e.g. 1001) for DOCKER_HOST/XDG_RUNTIME_DIR, but the rootless daemon
runs as the docker install user, so its socket lives at
/run/user/<install-user-uid>/docker.sock (e.g. 1002). The manager-uid path
doesn't exist. Use id -u $CFG_DOCKER_INSTALL_USER so the env matches the
actual rootless socket (same values dockerCommandRunInstallUser uses).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 14:52:41 +01:00

93 lines
3.5 KiB
Bash
Executable File

#!/bin/bash
# LibrePortal Task Processor Systemd Service Setup
# Replaces crontabSetupTaskProcessor with systemd service
installLibrePortalWebUITaskService()
{
if [[ "$CFG_REQUIREMENT_WEBUI_SERVICE" == "true" ]]; then
local service_file="/etc/systemd/system/libreportal.service"
if [[ ! -f "$service_file" ]]; then
local task_processor_script="$install_scripts_dir/crontab/task/crontab_task_processor.sh"
local task_dir="$containers_dir/libreportal/frontend/data/tasks"
# Update TASK_DIR in the task processor script
if [ -f "$task_processor_script" ]; then
sed -i "s|TASK_DIR=\".*\"|TASK_DIR=\"$task_dir\"|g" "$task_processor_script"
chmod +x "$task_processor_script"
else
isNotice "Task processor script not found"
fi
# Rootless docker exposes the daemon at /run/user/<uid>/docker.sock and
# depends on XDG_RUNTIME_DIR being set. Systemd units don't inherit user
# bashrc, so without these Environment= lines the processor would fall
# back to /var/run/docker.sock (which rootless does not create) and any
# `docker …` call inside the task would fail. Rootful gets no extras —
# the default /var/run path is already correct.
#
# The rootless daemon runs as the DOCKER INSTALL USER, so its socket lives in
# that user's runtime dir — not the manager's. Use the docker install user's
# uid here (matches dockerCommandRunInstallUser); pointing at the manager's
# uid was wrong — that socket doesn't exist.
local service_env_block=""
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
local docker_install_uid
docker_install_uid="$(id -u "$CFG_DOCKER_INSTALL_USER")"
service_env_block="Environment=DOCKER_HOST=unix:///run/user/${docker_install_uid}/docker.sock
Environment=XDG_RUNTIME_DIR=/run/user/${docker_install_uid}"
fi
# Create systemd service file
runSystem tee "$service_file" > /dev/null <<EOF
[Unit]
Description=LibrePortal Task Processor
After=network.target
Wants=network.target
[Service]
Type=simple
User=$sudo_user_name
Group=$sudo_user_name
WorkingDirectory=$install_scripts_dir
ExecStart=$task_processor_script start_script
Restart=always
RestartSec=5
SyslogIdentifier=libreportal
${service_env_block}
# Security
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
# Remove from crontab if it exists
if sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "task_processor.sh"; then
sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -v "task_processor.sh" | sudo -u $sudo_user_name crontab -
isNotice "Removed task processor from crontab"
fi
# Reload systemd and enable service
runSystem systemctl daemon-reload
runSystem systemctl enable libreportal.service >/dev/null 2>&1
runSystem systemctl start libreportal.service
isSuccessful "LibrePortal task processor service setup."
fi
fi
}
# Restart the task processor after a docker-type switch. The processor reads the
# install type (rooted/rootless) ONCE at startup to decide how runFileOp writes
# into the docker-install-owned task dir, so a running instance keeps using the
# old mode until it's bounced. The switch is a CLI one-shot (not a processor
# task), so this won't kill an in-flight switch.
restartLibrePortalWebUITaskService()
{
[[ "$CFG_REQUIREMENT_WEBUI_SERVICE" == "true" ]] || return 0
[[ -f /etc/systemd/system/libreportal.service ]] || return 0
runSystem systemctl restart libreportal.service 2>/dev/null
isSuccessful "Restarted task processor for $CFG_DOCKER_INSTALL_TYPE Docker mode"
}