Diffstat (limited to 'nordlayer-bin.install')
-rw-r--r-- | nordlayer-bin.install | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/nordlayer-bin.install b/nordlayer-bin.install
new file mode 100644
index 000000000000..9afd32e0d27b
--- /dev/null
+++ b/nordlayer-bin.install
@@ -0,0 +1,52 @@
+VAR_LIB=/var/lib/nordlayer
+NORDLAYER_RESOLVCONF=/usr/libexec/nordlayer/nordlayer-resolvconf
+
+post_install() {
+ # Allow the daemon executable to bind to port 500 and administer network
+ setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/bin/nordlayerd
+ setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-openvpn
+
+ # Create necessary groups
+ getent group nordlayer || groupadd -r nordlayer
+ getent group nordlayer-resolve || groupadd -r nordlayer-resolve
+
+ # Create nordlayer user if it does not exist
+ if ! id "nordlayer" &>/dev/null; then
+ useradd -r -M -d /run/nordlayer -s /usr/bin/nologin -c "Used for running NordLayer" -g nordlayer nordlayer
+ fi
+
+ usermod -a -G nordlayer-resolve nordlayer
+
+ # Setup directories and permissions
+ install -d -m 0770 -o nordlayer -g nordlayer ${VAR_LIB}
+ chown root:nordlayer-resolve ${NORDLAYER_RESOLVCONF}
+ chmod 4750 ${NORDLAYER_RESOLVCONF}
+ chmod +x ${NORDLAYER_RESOLVCONF}
+
+ # Reload systemd and create tmpfiles
+ systemctl daemon-reload
+ systemd-tmpfiles --create
+
+ # Enable and start the service and socket
+ systemctl enable --now nordlayer.service nordlayer.socket
+
+ # Add current user to nordlayer group
+ current_user=$(logname)
+ if [ -n "$current_user" ]; then
+ usermod -a -G nordlayer "$current_user"
+ echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect."
+ else
+ echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group."
+ fi
+}
+
+post_upgrade() {
+ post_install
+}
+
+pre_remove() {
+ # Disable and stop the service and socket
+ systemctl disable --now nordlayer.service nordlayer.socket
+ # Remove the directory
+ rm -rf ${VAR_LIB}
+}
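Review bot: The `chmod +x ${NORDLAYER_RESOLVCONF}` line in post_install undoes the restriction set by the `chmod 4750` just before it. With no who-prefix, `+x` adds execute for owner, group and other (under the usual umask), so the root-owned setuid helper ends up at 4751 and is runnable by every local user rather than only members of nordlayer-resolve. Mode 4750 already carries the execute bits that are needed, so the `chmod +x` line can simply be dropped. Separately, because post_upgrade calls post_install, the `logname` user is re-added to the nordlayer group on every upgrade, even if an administrator had removed them. Consider keeping the group-membership step out of the upgrade path, for example by moving the shared steps into a helper that both hooks call.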