VAR_LIB=/var/lib/nordlayer NORDLAYER_RESOLVCONF=/usr/libexec/nordlayer/nordlayer-resolvconf post_install() { # Allow the daemon executable to bind to port 500 and administer network /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK+eip /usr/sbin/nordlayerd /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-charon /usr/libexec/nordlayer/nordlayer-setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-openvpn /usr/libexec/nordlayer/nordlayer-setcap CAP_IPC_LOCK+eip /usr/bin/nordlayer groupadd -r -f nordlayer groupadd -r -f nordlayer-resolve if ! id "nordlayer" >/dev/null 2>&1; then useradd -s /usr/bin/nologin -c "Used for running NordLayer" -r -M -d /run/nordlayer -g nordlayer nordlayer fi usermod -a -G nordlayer-resolve nordlayer mkdir -p ${VAR_LIB} chmod 0700 -R ${VAR_LIB} chown nordlayer:nordlayer -R ${VAR_LIB} chown root:nordlayer-resolve ${NORDLAYER_RESOLVCONF} chmod 4750 ${NORDLAYER_RESOLVCONF} # Ensure nordlayer-resolvconf has execute permissions chmod +x ${NORDLAYER_RESOLVCONF} # Reload config systemctl daemon-reload # Create tmpfiles systemd-tmpfiles --create # Start service on boot systemctl enable nordlayer.socket systemctl enable nordlayer.service # Restart service now systemctl start nordlayer.socket systemctl start nordlayer.service # Add current user to nordlayer group current_user=$(logname) if [ -n "$current_user" ]; then usermod -a -G nordlayer "$current_user" echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect." else echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group." fi } post_upgrade() { post_install } pre_remove() { rm -rf ${VAR_LIB} systemctl disable nordlayer.service systemctl disable nordlayer.socket systemctl stop nordlayer.service systemctl stop nordlayer.socket }