LibrePortal/scripts/system/libreportal-svc
librelad bd1f9455ce refactor(footprint): rename libreportal.service -> libreportal-taskprocessor.service
The single systemd unit is the task processor (and now also drives the periodic
regen poll), so name it for what it does instead of the ambiguous bare
"libreportal.service" — clearer now that the runtime has more than one concern.

- svc helper: SERVICE_NAME=libreportal-taskprocessor.service; _drop_legacy()
  stops/removes the pre-rename unit on install (idempotent migration) so an
  upgraded box never runs two processors.
- init.sh: read baked roots from the new unit (fall back to the old name);
  uninstall removes both names; bump footprint_version 2 -> 3 (root-owned unit
  changed, so a manager-run update flags "root re-install needed").
- check_webui_systemd: accept either name during the transition.
- docs/FOOTPRINT.md: new unit name + uninstall command.

No sudoers change — it allows /usr/bin/systemctl generically, not a named unit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-25 23:23:18 +01:00

122 lines
4.5 KiB
Bash

#!/bin/bash
# LibrePortal task-processor systemd helper — the only root-privileged management
# of the libreportal-taskprocessor.service unit the manager may trigger. Installed root:root
# 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from
# config (mode + install-user uid + the baked manager name + fixed script paths)
# — it does NOT accept unit content from the caller (that would be root: an
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow
# it instead of blanket `sudo tee /etc/systemd/...` + `sudo systemctl`.
#
# Idempotent: only rewrites + daemon-reloads + restarts when the unit changed,
# else just ensures it's enabled + running (no needless restart of in-flight work).
set -u
[[ $EUID -eq 0 ]] || { echo "libreportal-svc: must run as root" >&2; exit 1; }
# Baked at install (placeholders replaced). Unbaked copies still contain the "__"
# sentinel, which no real absolute path does — fall back to defaults then.
MANAGER="__MANAGER__"
SYSTEM_DIR="__SYSTEM_DIR__"
CONTAINERS_DIR="__CONTAINERS_DIR__"
BACKUPS_DIR="__BACKUPS_DIR__"
[[ "$MANAGER" == *"__"* || -z "$MANAGER" ]] && MANAGER="libreportal"
[[ "$SYSTEM_DIR" == *"__"* || -z "$SYSTEM_DIR" ]] && SYSTEM_DIR="/libreportal-system"
[[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers"
[[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups"
SERVICE_NAME="libreportal-taskprocessor.service"
SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME"
# Pre-rename unit name — removed on install so an upgraded box doesn't keep a
# duplicate/orphan processor running under the old name.
LEGACY_SERVICE_NAME="libreportal.service"
LEGACY_SERVICE_FILE="/etc/systemd/system/$LEGACY_SERVICE_NAME"
INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts"
TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh"
DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install"
_mode() {
local m
m=$(grep -h '^CFG_DOCKER_INSTALL_TYPE=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
echo "${m:-rootless}"
}
_gen_unit() {
local env_block=""
if [[ "$(_mode)" == "rootless" ]]; then
local u uid
u=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
uid=$(id -u "${u:-dockerinstall}" 2>/dev/null)
if [[ -n "$uid" ]]; then
env_block="Environment=DOCKER_HOST=unix:///run/user/${uid}/docker.sock
Environment=XDG_RUNTIME_DIR=/run/user/${uid}"
fi
fi
cat <<EOF
[Unit]
Description=LibrePortal Task Processor
After=network.target
Wants=network.target
[Service]
Type=simple
User=$MANAGER
Group=$MANAGER
WorkingDirectory=$INSTALL_SCRIPTS_DIR
# Relocatable path roots + manager user — baked here by root so the processor
# resolves them authoritatively (not via the legacy compat default in paths.sh).
Environment=LP_SYSTEM_DIR=$SYSTEM_DIR
Environment=LP_CONTAINERS_DIR=$CONTAINERS_DIR
Environment=LP_BACKUPS_DIR=$BACKUPS_DIR
Environment=LP_MANAGER_USER=$MANAGER
ExecStart=$TASK_PROCESSOR start_script
Restart=always
RestartSec=5
SyslogIdentifier=libreportal
${env_block}
# Security
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
}
# Remove the pre-rename unit if it's still around (idempotent migration).
_drop_legacy() {
if [[ -f "$LEGACY_SERVICE_FILE" ]]; then
systemctl disable --now "$LEGACY_SERVICE_NAME" >/dev/null 2>&1
rm -f "$LEGACY_SERVICE_FILE"
systemctl daemon-reload
fi
}
install_unit() {
_drop_legacy
local desired current=""
desired="$(_gen_unit)"
[[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)"
if [[ "$desired" != "$current" ]]; then
printf '%s\n' "$desired" > "$SERVICE_FILE"
systemctl daemon-reload
systemctl enable "$SERVICE_NAME" >/dev/null 2>&1
systemctl restart "$SERVICE_NAME"
echo "updated"
else
systemctl enable "$SERVICE_NAME" >/dev/null 2>&1
systemctl is-active --quiet "$SERVICE_NAME" || systemctl start "$SERVICE_NAME"
echo "unchanged"
fi
}
action="${1:-}"
case "$action" in
install) install_unit ;;
enable) systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 ;;
restart) systemctl restart "$SERVICE_NAME" ;;
start) systemctl start "$SERVICE_NAME" ;;
status) systemctl is-active "$SERVICE_NAME" ;;
*) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;;
esac