# State directory handed to the nordlayer user and group by post_install and
# deleted again by pre_remove.
VAR_LIB="/var/lib/nordlayer"
# DNS helper that post_install makes setuid root and restricts to the
# nordlayer-resolve group.
NORDLAYER_RESOLVCONF="/usr/libexec/nordlayer/nordlayer-resolvconf"

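# Post-install hook: grants file capabilities, creates the service account and
# groups, locks down the state directory and the setuid resolvconf helper,
# enables and starts the systemd units, and enrols the invoking user.
# Globals:   VAR_LIB (read), NORDLAYER_RESOLVCONF (read)
# Arguments: none
# Outputs:   a status message about group membership on stdout
post_install() {
    # File capabilities for binding privileged ports (port 500 per the original
    # comment) and for network administration. Presumably this spares the
    # daemon from running with full root privileges - confirm against the unit.
    setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/bin/nordlayerd
    setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/libexec/nordlayer/nordlayer-openvpn

    # -f makes both calls succeed when the group already exists (upgrades).
    groupadd -r -f nordlayer
    groupadd -r -f nordlayer-resolve

    # System account with no login shell and no home directory created (-M).
    if ! id "nordlayer" >/dev/null 2>&1; then
        useradd -s /usr/bin/nologin -c "Used for running NordLayer" -r -M -d /run/nordlayer -g nordlayer nordlayer
    fi

    # Only members of nordlayer-resolve may run the setuid helper below.
    usermod -a -G nordlayer-resolve nordlayer

    # State directory: no access for "other".
    # NOTE(review): a recursive 0770 also marks every regular file executable;
    # a symbolic mode such as u=rwX,g=rwX,o= would avoid that - confirm.
    mkdir -p -- "${VAR_LIB}"
    chmod -R 0770 -- "${VAR_LIB}"
    chown -R nordlayer:nordlayer -- "${VAR_LIB}"

    # Setuid-root helper, executable by root and nordlayer-resolve only.
    # chown comes first because changing ownership can clear the setuid bit.
    # Mode 4750 already carries the execute bits for owner and group; a further
    # "chmod +x" would add execute for everyone and let any local user run the
    # setuid-root helper, so it is deliberately not applied.
    chown root:nordlayer-resolve -- "${NORDLAYER_RESOLVCONF}"
    chmod 4750 -- "${NORDLAYER_RESOLVCONF}"

    # Pick up the unit files and create the tmpfiles.d entries.
    systemctl daemon-reload
    systemd-tmpfiles --create

    # Start on boot.
    systemctl enable nordlayer.socket
    systemctl enable nordlayer.service

    # Start now.
    systemctl start nordlayer.socket
    systemctl start nordlayer.service

    # Enrol the user who owns the login session in the nordlayer group.
    # logname fails when there is no login session; its error text is dropped
    # and the manual-instruction branch is taken instead.
    # NOTE(review): this grants group access without asking and is repeated on
    # every upgrade - confirm that automatic enrolment is intended.
    current_user=$(logname 2>/dev/null) || current_user=""
    if [ -n "$current_user" ]; then
        usermod -a -G nordlayer "$current_user"
        echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect."
    else
        echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group."
    fi
}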

# Upgrade hook: repeats the whole post-install setup, so capabilities,
# ownership, modes and group membership are re-applied after each upgrade.
post_upgrade() { post_install; }

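# Pre-removal hook: stops and disables the units, then deletes the state
# directory.
# Globals:   VAR_LIB (read)
# Arguments: none
pre_remove() {
    # Stop the socket before the service so that nothing can re-activate the
    # daemon, and stop both before touching the state it may still be writing.
    systemctl stop nordlayer.socket
    systemctl stop nordlayer.service

    systemctl disable nordlayer.socket
    systemctl disable nordlayer.service

    # Quoted, "--"-terminated and guarded: an empty or odd-looking VAR_LIB
    # must never turn into a different rm -rf target.
    if [ -n "${VAR_LIB:-}" ]; then
        rm -rf -- "${VAR_LIB}"
    fi
}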