# State directory; the install hook creates it owned by nordlayer:nordlayer.
VAR_LIB='/var/lib/nordlayer'
# resolv.conf helper; the install hook makes it setuid and limits it to the
# nordlayer-resolve group.
NORDLAYER_RESOLVCONF='/usr/libexec/nordlayer/nordlayer-resolvconf'
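#######################################
# Post-install hook: grants capabilities to the daemon binaries, creates the
# service account and groups, locks down the setuid resolvconf helper, starts
# the systemd units and adds the invoking login user to the nordlayer group.
# Globals:   VAR_LIB (read), NORDLAYER_RESOLVCONF (read)
# Arguments: none
# Outputs:   a status message about group membership on stdout
#######################################
post_install() {
  local daemon_caps='CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip'
  local current_user

  # Allow the daemon executable to bind to port 500 and administer network.
  # File capabilities apply to every process that can execute these binaries.
  # NOTE(review): confirm the packaged file modes limit who may run them.
  setcap "$daemon_caps" /usr/bin/nordlayerd
  setcap "$daemon_caps" /usr/libexec/nordlayer/nordlayer-openvpn

  # Create necessary groups (getent output is not useful in the install log).
  getent group nordlayer >/dev/null || groupadd -r nordlayer
  getent group nordlayer-resolve >/dev/null || groupadd -r nordlayer-resolve

  # Create nordlayer user if it does not exist
  if ! id "nordlayer" &>/dev/null; then
    useradd -r -M -d /run/nordlayer -s /usr/bin/nologin \
      -c "Used for running NordLayer" -g nordlayer nordlayer
  fi
  usermod -a -G nordlayer-resolve nordlayer

  # Setup directories and permissions
  install -d -m 0770 -o nordlayer -g nordlayer "${VAR_LIB}"

  # chown first: changing ownership can clear the setuid bit, so the mode is
  # applied afterwards. 4750 = setuid, rwx for root, r-x for nordlayer-resolve,
  # nothing for others. No further "chmod +x" follows: 4750 already carries the
  # execute bits that are wanted, and a bare +x would add execute for "other"
  # (subject to umask), letting any local user run the setuid-root helper.
  chown root:nordlayer-resolve "${NORDLAYER_RESOLVCONF}"
  chmod 4750 "${NORDLAYER_RESOLVCONF}"

  # Reload systemd and create tmpfiles
  systemctl daemon-reload
  systemd-tmpfiles --create

  # Enable and start the service and socket
  systemctl enable --now nordlayer.service nordlayer.socket

  # Add current user to nordlayer group. logname fails when there is no login
  # session (its error is silenced); the manual-step message is printed then.
  # Membership gives that user group access to ${VAR_LIB} (mode 0770 above).
  current_user=$(logname 2>/dev/null)
  if [ -n "$current_user" ]; then
    usermod -a -G nordlayer "$current_user"
    echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect."
  else
    echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group."
  fi
}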
# Upgrade hook: repeats the whole install-time setup.
# NOTE(review): post_install runs `systemctl enable --now`, so every upgrade
# re-enables and starts the units even if an administrator had disabled them,
# and re-adds the logged-in user to the nordlayer group. Confirm this is intended.
post_upgrade() {
  post_install
}
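#######################################
# Pre-remove hook: stops and disables the units, then deletes the state
# directory.
# Globals:   VAR_LIB (read)
# Arguments: none
#######################################
pre_remove() {
  # Disable and stop the service and socket
  systemctl disable --now nordlayer.service nordlayer.socket

  # Remove the directory. Quoted so the path is always a single operand; `--`
  # ends option parsing; `:?` aborts instead of running a recursive delete
  # with an empty path if VAR_LIB was never set.
  rm -rf -- "${VAR_LIB:?VAR_LIB is not set}"
}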