path: root/nordlayer.install
# State directory: post_install creates it (mode 0700, owned by
# nordlayer:nordlayer) and pre_remove deletes it recursively.
VAR_LIB='/var/lib/nordlayer'
# DNS helper that post_install makes setuid root (root:nordlayer-resolve).
NORDLAYER_RESOLVCONF='/usr/libexec/nordlayer/nordlayer-resolvconf'

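#######################################
# Post-install scriptlet: grants file capabilities to the NordLayer
# binaries, creates the service account and groups, locks down the state
# directory and the setuid resolvconf helper, then enables and starts the
# systemd units.
# Globals:   VAR_LIB (read), NORDLAYER_RESOLVCONF (read)
# Arguments: none
# Outputs:   a status message about group membership on stdout
#######################################
post_install() {
  local current_user

  # Allow the daemon executable to bind to port 500 and administer network.
  # NOTE(review): nordlayer-setcap presumably wraps setcap(8) - confirm.
  # "+eip" sets the effective, inheritable and permitted sets, so whoever can
  # execute these files gains the listed capabilities; keep the lists minimal
  # and the binaries root-owned and not writable by others.
  /usr/libexec/nordlayer/nordlayer-setcap \
    'CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK+eip' \
    /usr/sbin/nordlayerd
  /usr/libexec/nordlayer/nordlayer-setcap \
    'CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip' \
    /usr/libexec/nordlayer/nordlayer-charon
  /usr/libexec/nordlayer/nordlayer-setcap \
    'CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip' \
    /usr/libexec/nordlayer/nordlayer-openvpn
  /usr/libexec/nordlayer/nordlayer-setcap 'CAP_IPC_LOCK+eip' /usr/bin/nordlayer

  # -f makes group creation a no-op when the group already exists, which
  # matters because post_upgrade re-runs this function.
  groupadd -r -f nordlayer
  groupadd -r -f nordlayer-resolve

  # System account without a login shell or home directory.
  if ! id "nordlayer" >/dev/null 2>&1; then
    useradd -s /usr/bin/nologin -c "Used for running NordLayer" -r -M \
      -d /run/nordlayer -g nordlayer nordlayer
  fi

  usermod -a -G nordlayer-resolve nordlayer

  # State directory is private to the service account.
  mkdir -p -- "${VAR_LIB}"
  chmod 0700 -R -- "${VAR_LIB}"
  chown nordlayer:nordlayer -R -- "${VAR_LIB}"

  # Setuid-root helper restricted to the nordlayer-resolve group: mode 4750
  # is setuid + rwx for root + r-x for the group + nothing for others.
  # Ownership is set before the mode because chown may clear the setuid bit.
  # Do NOT follow this with a bare "chmod +x": 4750 already carries the
  # execute bits for owner and group, and under a typical 022 umask "+x"
  # would also add execute for others (4755), letting every local user run
  # the setuid-root helper and defeating the group restriction.
  chown root:nordlayer-resolve -- "${NORDLAYER_RESOLVCONF}"
  chmod 4750 -- "${NORDLAYER_RESOLVCONF}"

  # Reload config
  systemctl daemon-reload

  # Create tmpfiles
  systemd-tmpfiles --create

  # Start service on boot
  systemctl enable nordlayer.socket
  systemctl enable nordlayer.service

  # Restart service now
  systemctl start nordlayer.socket
  systemctl start nordlayer.service

  # Add current user to nordlayer group.
  # logname fails when there is no login session (e.g. unattended installs);
  # its error text is suppressed because the else branch reports that case.
  # NOTE(review): membership in 'nordlayer' presumably grants access to the
  # daemon socket - confirm that the installing login user should get it
  # automatically rather than by an explicit administrator decision.
  current_user=$(logname 2>/dev/null)
  if [ -n "$current_user" ]; then
    usermod -a -G nordlayer "$current_user"
    echo "User $current_user has been added to the 'nordlayer' group. Please log out and log back in for changes to take effect."
  else
    echo "Could not determine the current user. Please manually add the user to the 'nordlayer' group."
  fi
}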

# Post-upgrade scriptlet: an upgrade simply re-runs the whole install-time
# setup by delegating to post_install.
post_upgrade() {
  post_install
}

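#######################################
# Pre-remove scriptlet: stops and disables the NordLayer units, then
# deletes the daemon's state directory.
# Globals:   VAR_LIB (read)
# Arguments: none
#######################################
pre_remove() {
  # Stop the socket first so the service cannot be re-activated through it
  # while it is shutting down, and stop both before touching the state
  # directory so a running daemon does not write into (or recreate) it.
  systemctl stop nordlayer.socket
  systemctl stop nordlayer.service

  systemctl disable nordlayer.service
  systemctl disable nordlayer.socket

  # Runs as root: quote the path, end option parsing with "--", and skip
  # the recursive delete entirely if the variable is unexpectedly empty.
  if [ -n "${VAR_LIB}" ]; then
    rm -rf -- "${VAR_LIB}"
  fi
}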