diff options
| author | Roland Kiraly | 2024-06-06 12:51:53 +0100 |
|---|---|---|
| committer | Roland Kiraly | 2024-06-06 12:51:53 +0100 |
| commit | 51c619338e4ff508eb072ffde231796370e37074 (patch) | |
| tree | 62f089c31c097d4111e3157db026181abd4890fe /nordlayer.install | |
| parent | 3cc7a54476d6fe4d4ff2d41d2e9d6990245f16ac (diff) | |
| download | aur-nordlayer.tar.gz | |
chore: Update package name and install script for nordlayer VPN client
Diffstat (limited to 'nordlayer.install')
| -rw-r--r-- | nordlayer.install | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/nordlayer.install b/nordlayer.install new file mode 100644 index 000000000000..dd88a417fc4b --- /dev/null +++ b/nordlayer.install @@ -0,0 +1,63 @@ +VAR_LIB=/var/lib/nordlayer +NORDLAYER_RESOLVCONF=/usr/libexec/nordlayer/nordlayer-resolvconf + +post_install() { + # Allow the daemon executable to bind to port 500 and administer network + /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK+eip /usr/sbin/nordlayerd + /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-charon + /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-openvpn + /usr/libexec/nordlayer/nordlayer-setcap CAP_IPC_LOCK+eip /usr/bin/nordlayer + + groupadd -r -f nordlayer + groupadd -r -f nordlayer-resolve + + if ! id "nordlayer" >/dev/null 2>&1; then + useradd -s /usr/bin/nologin -c "Used for running NordLayer" -r -M -d /run/nordlayer -g nordlayer nordlayer + fi + + usermod -a -G nordlayer-resolve nordlayer + + mkdir -p ${VAR_LIB} + chmod 0700 -R ${VAR_LIB} + chown nordlayer:nordlayer -R ${VAR_LIB} + + chown root:nordlayer-resolve ${NORDLAYER_RESOLVCONF} + chmod 4750 ${NORDLAYER_RESOLVCONF} + # Ensure nordlayer-resolvconf has execute permissions + chmod +x ${NORDLAYER_RESOLVCONF} + + # Reload config + systemctl daemon-reload + + # Create tmpfiles + systemd-tmpfiles --create + + # Start service on boot + systemctl enable nordlayer.socket + systemctl enable nordlayer.service + + # Restart service now + systemctl start nordlayer.socket + systemctl start nordlayer.service + # Add current user to nordlayer group + current_user=$(logname) + if [ -n "$current_user" ]; then + usermod -a -G nordlayer "$current_user" + echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect." + else + echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group." + fi +} + +post_upgrade() { + post_install +} + +pre_remove() { + rm -rf ${VAR_LIB} + systemctl disable nordlayer.service + systemctl disable nordlayer.socket + + systemctl stop nordlayer.service + systemctl stop nordlayer.socket +} |