author | Christian Pointner <equinox@anytun.org> | 2016-07-07 22:48:58 +0200 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2016-07-07 22:48:58 +0200 |
commit | 2c3c2955a29135ecc2a7920c9816bc8ccd0f9086 (patch) | |
tree | 34c537ad3da97a302bd41362c4e8179879ea8fcb /usr | |
parent | added some privilege limitations to sample systemd services (diff) |
streamlined systemd integration/installation
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/bin/anytun-launcher.sh | 34 | ||||
-rw-r--r-- | usr/lib/systemd/system/anytun-control@.service | 4 | ||||
-rw-r--r-- | usr/lib/systemd/system/anytun@.service | 4 | ||||
-rw-r--r-- | usr/lib/tmpfiles.d/anytun.conf | 2 |
4 files changed, 26 insertions, 18 deletions
diff --git a/usr/bin/anytun-launcher.sh b/usr/bin/anytun-launcher.sh index 8103f91..60773fd 100755 --- a/usr/bin/anytun-launcher.sh +++ b/usr/bin/anytun-launcher.sh @@ -2,12 +2,12 @@ NAME="${NAME:-$2}" -DAEMON=/usr/sbin/anytun -ANYTUNCONFIG=/usr/bin/anytun-config -CONTROLDAEMON=/usr/bin/anytun-controld -CONFIG_DIR=/etc/anytun -VARCONFIG_DIR=/run/anytun-controld +DAEMON=/usr/local/sbin/anytun +ANYTUNCONFIG=/usr/local/bin/anytun-config +CONTROLDAEMON=/usr/local/bin/anytun-controld +CONFIG_DIR=/usr/local/etc/anytun VARRUN_DIR=/run/anytun +VARCONTROL_DIR=/run/anytun-controld test -x $DAEMON || exit 0 test -z $NAME && exit 1 @@ -31,18 +31,18 @@ start_vpn () { start_configd () { if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - test -d $VARCONFIG_DIR || mkdir -p $VARCONFIG_DIR - chmod 700 $VARCONFIG_DIR - rm -f $VARCONFIG_DIR/$NAME 2>/dev/null + test -d $VARCONTROL_DIR || mkdir -p $VARCONTROL_DIR + chmod 700 $VARCONTROL_DIR + rm -f $VARCONTROL_DIR/$NAME 2>/dev/null KDPRF=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed 's/^/ --/' | xargs echo` for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do echo -n " ($CLIENTNAME)" DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed 's/^/ --/' | xargs echo` - $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME + $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONTROL_DIR/$NAME done CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/' | xargs echo` - $CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \ - --write-pid $VARCONFIG_DIR/$NAME.pid + $CONTROLDAEMON -f $VARCONTROL_DIR/$NAME $DAEMONOPTS $CONTROLHOST \ + --write-pid $VARCONTROL_DIR/$NAME.pid else echo "no conf.d directory found (maybe $NAME is an anytun client not a server?)" >&2 return 1 
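Review bot: The context line `test -x $DAEMON || exit 0` in the first hunk now guards the relocated `DAEMON=/usr/local/sbin/anytun`, so on a host where the binary lives under another prefix the launcher exits with status 0 and prints nothing. With the units in this commit (`Type=simple`, `Restart=on-failure`) that presumably reads as a clean exit rather than a failed start, so the tunnel can be silently absent. I would make the case loud and quote the expansion: `test -x "$DAEMON" || { echo "$DAEMON not found or not executable" >&2; exit 1; }`. The next line has the same unquoted form and should read `test -z "$NAME" && exit 1`.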
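Review bot: In start_configd the renamed lines still expand `$VARCONTROL_DIR/$NAME` unquoted in `rm -f`, in the `>>` redirect and in the `-f` / `--write-pid` arguments, while NAME falls back to `$2` in the first hunk; a name containing whitespace, glob characters or `/` therefore changes which file is removed and written. Since these lines are being touched anyway, quote them, e.g. `rm -f -- "$VARCONTROL_DIR/$NAME" 2>/dev/null`, and reject unexpected names once near the top of the script, for example `case "$NAME" in *[!A-Za-z0-9_.-]*|.*) exit 1 ;; esac` (adjust the set to the instance names you accept). The unchanged `ls`-driven CLIENTNAME loop has the same word-splitting problem. The function's closing lines fall outside this hunk.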
@@ -50,7 +50,13 @@ start_configd () { } case $1 in -(vpn) start_vpn ;; -(configd) start_configd ;; -(*) exit 2;; + vpn) + start_vpn + ;; + configd) + start_configd + ;; + *) + exit 2 + ;; esac diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service index b2e6a2c..4fb3ba7 100644 --- a/usr/lib/systemd/system/anytun-control@.service +++ b/usr/lib/systemd/system/anytun-control@.service @@ -1,5 +1,5 @@ [Unit] -Description=AnyTun Server Config Control Daemon +Description=secure anycast tunneling config daemon After=syslog.target network.target Requires=anytun@%i.service @@ -7,7 +7,7 @@ Requires=anytun@%i.service Type=simple PIDFile=/run/anytun-controld/%i.pid Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3" -ExecStart=/usr/bin/anytun-launcher.sh configd +ExecStart=/usr/local/bin/anytun-launcher.sh configd Restart=on-failure PrivateTmp=yes PrivateDevices=yes diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service index b28433b..176816b 100644 --- a/usr/lib/systemd/system/anytun@.service +++ b/usr/lib/systemd/system/anytun@.service @@ -1,12 +1,12 @@ [Unit] -Description=AnyTun secure anycast tunneling +Description=secure anycast tunneling daemon After=syslog.target network.target [Service] Type=simple PIDFile=/run/anytun/%i.pid Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3" -ExecStart=/usr/bin/anytun-launcher.sh vpn +ExecStart=/usr/local/bin/anytun-launcher.sh vpn Restart=on-failure PrivateTmp=yes PrivateDevices=yes diff --git a/usr/lib/tmpfiles.d/anytun.conf b/usr/lib/tmpfiles.d/anytun.conf new file mode 100644 index 0000000..9fb1215 --- /dev/null +++ b/usr/lib/tmpfiles.d/anytun.conf @@ -0,0 +1,2 @@ +d /run/anytun-controld 0700 anytun anytun - +d /run/anytun 0700 anytun anytun - |
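Review bot: The new tmpfiles.d entries hand `/run/anytun-controld` and `/run/anytun` to `anytun:anytun`, but start_configd in anytun-launcher.sh still does `rm -f` followed by an appending `>>` on `$VARCONTROL_DIR/$NAME`, and no `User=` line is visible in the service hunks. If the launcher runs as root, it is writing into a directory owned by the unprivileged account, and the redirect will follow a symlink that appears there between the two steps. Either run the launcher as `anytun` (`User=anytun` in both units, if the daemons can start without root) or keep the launcher's working file in a root-owned directory; `RuntimeDirectory=` in the unit is another way to get a per-service directory with a defined owner. The launcher's own `mkdir -p` / `chmod 700` fallback also creates the directory with the caller's ownership rather than `anytun`'s, which disagrees with this file.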