The task processor is a systemd-service daemon, not a cron job — move it out of the misleadingly-named scripts/crontab/task/ to scripts/task/. To stop the systemd unit from baking the processor's in-tree path (the footprint coupling that forces a reinstall on every reorg), the unit now ExecStarts the stable wrapper: /usr/local/bin/libreportal __task-processor. start.sh intercepts that early (after paths.sh, before the heavy load), exports install_scripts_dir, and exec's the processor with start_script. Future moves/renames need only the one hand-off updated + a regen — no footprint bump. - git mv scripts/crontab/task -> scripts/task (filenames kept; cron-watchdog grep + function names unchanged) - libreportal-svc: ExecStart -> stable wrapper launcher - start.sh: __task-processor internal launcher (export install_scripts_dir; exec) - crontab_task_processor.sh: fix self-location ../.. -> .. for the new 1-level depth (latent bug the move would otherwise have introduced) - regen files_*/function_manifest; add task_scripts to the app/cli aggregates - footprint_version 3 -> 4 (root-owned svc unit changed -> needs a root reinstall) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
107 lines
4.0 KiB
Bash
107 lines
4.0 KiB
Bash
#!/bin/bash
|
|
# LibrePortal task-processor systemd helper — the only root-privileged management
|
|
# of the libreportal.service unit the manager may trigger. Installed root:root
|
|
# 0755 to /usr/local/lib/libreportal/ by init.sh. Self-contained: it GENERATES the unit from
|
|
# config (mode + install-user uid + the baked manager name + fixed script paths)
|
|
# — it does NOT accept unit content from the caller (that would be root: an
|
|
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow
|
|
# it instead of blanket `sudo tee /etc/systemd/...` + `sudo systemctl`.
|
|
#
|
|
# Idempotent: only rewrites + daemon-reloads + restarts when the unit changed,
|
|
# else just ensures it's enabled + running (no needless restart of in-flight work).
|
|
|
|
set -u
|
|
|
|
[[ $EUID -eq 0 ]] || { echo "libreportal-svc: must run as root" >&2; exit 1; }
|
|
|
|
# Baked at install (placeholders replaced). Unbaked copies still contain the "__"
|
|
# sentinel, which no real absolute path does — fall back to defaults then.
|
|
MANAGER="__MANAGER__"
|
|
SYSTEM_DIR="__SYSTEM_DIR__"
|
|
CONTAINERS_DIR="__CONTAINERS_DIR__"
|
|
BACKUPS_DIR="__BACKUPS_DIR__"
|
|
[[ "$MANAGER" == *"__"* || -z "$MANAGER" ]] && MANAGER="libreportal"
|
|
[[ "$SYSTEM_DIR" == *"__"* || -z "$SYSTEM_DIR" ]] && SYSTEM_DIR="/libreportal-system"
|
|
[[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers"
|
|
[[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups"
|
|
|
|
SERVICE_FILE="/etc/systemd/system/libreportal.service"
|
|
INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts"
|
|
LP_COMMAND="/usr/local/bin/libreportal" # stable wrapper symlink; runs the processor via start.sh, so the unit is decoupled from the script's in-tree path
|
|
DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install"
|
|
|
|
_mode() {
|
|
local m
|
|
m=$(grep -h '^CFG_DOCKER_INSTALL_TYPE=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
|
|
echo "${m:-rootless}"
|
|
}
|
|
|
|
_gen_unit() {
|
|
local env_block=""
|
|
if [[ "$(_mode)" == "rootless" ]]; then
|
|
local u uid
|
|
u=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
|
|
uid=$(id -u "${u:-dockerinstall}" 2>/dev/null)
|
|
if [[ -n "$uid" ]]; then
|
|
env_block="Environment=DOCKER_HOST=unix:///run/user/${uid}/docker.sock
|
|
Environment=XDG_RUNTIME_DIR=/run/user/${uid}"
|
|
fi
|
|
fi
|
|
cat <<EOF
|
|
[Unit]
|
|
Description=LibrePortal Task Processor
|
|
After=network.target
|
|
Wants=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=$MANAGER
|
|
Group=$MANAGER
|
|
WorkingDirectory=$INSTALL_SCRIPTS_DIR
|
|
# Relocatable path roots + manager user — baked here by root so the processor
|
|
# resolves them authoritatively (not via the legacy compat default in paths.sh).
|
|
Environment=LP_SYSTEM_DIR=$SYSTEM_DIR
|
|
Environment=LP_CONTAINERS_DIR=$CONTAINERS_DIR
|
|
Environment=LP_BACKUPS_DIR=$BACKUPS_DIR
|
|
Environment=LP_MANAGER_USER=$MANAGER
|
|
ExecStart=$LP_COMMAND __task-processor
|
|
Restart=always
|
|
RestartSec=5
|
|
SyslogIdentifier=libreportal
|
|
${env_block}
|
|
|
|
# Security
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
}
|
|
|
|
install_unit() {
|
|
local desired current=""
|
|
desired="$(_gen_unit)"
|
|
[[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)"
|
|
if [[ "$desired" != "$current" ]]; then
|
|
printf '%s\n' "$desired" > "$SERVICE_FILE"
|
|
systemctl daemon-reload
|
|
systemctl enable libreportal.service >/dev/null 2>&1
|
|
systemctl restart libreportal.service
|
|
echo "updated"
|
|
else
|
|
systemctl enable libreportal.service >/dev/null 2>&1
|
|
systemctl is-active --quiet libreportal.service || systemctl start libreportal.service
|
|
echo "unchanged"
|
|
fi
|
|
}
|
|
|
|
action="${1:-}"
|
|
case "$action" in
|
|
install) install_unit ;;
|
|
enable) systemctl enable libreportal.service >/dev/null 2>&1 ;;
|
|
restart) systemctl restart libreportal.service ;;
|
|
start) systemctl start libreportal.service ;;
|
|
status) systemctl is-active libreportal.service ;;
|
|
*) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;;
|
|
esac
|