Make ntfy run as ntfy user/group, closes #38
This commit is contained in:
parent
808b63eaa1
commit
9a56c24dbe
6 changed files with 28 additions and 3 deletions
|
@ -52,6 +52,8 @@ nfpms:
|
|||
type: config
|
||||
- src: config/ntfy.service
|
||||
dst: /lib/systemd/system/ntfy.service
|
||||
- dst: /var/cache/ntfy
|
||||
type: dir
|
||||
scripts:
|
||||
postinstall: "scripts/postinst.sh"
|
||||
preremove: "scripts/prerm.sh"
|
||||
|
|
2
Makefile
2
Makefile
|
@ -143,4 +143,4 @@ install:
|
|||
install-deb:
|
||||
sudo systemctl stop ntfy || true
|
||||
sudo apt-get purge ntfy || true
|
||||
sudo dpkg -i dist/*.deb
|
||||
sudo dpkg -i dist/ntfy_*_linux_amd64.deb
|
||||
|
|
|
@ -28,6 +28,9 @@
|
|||
# If set, messages are cached in a local SQLite database instead of only in-memory. This
|
||||
# allows for service restarts without losing messages in support of the since= parameter.
|
||||
#
|
||||
# Note: If you are running ntfy with systemd, make sure this cache file is owned by the
|
||||
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||
#
|
||||
# cache-file: <filename>
|
||||
|
||||
# Duration for which messages will be buffered before they are deleted.
|
||||
|
|
|
@ -3,8 +3,11 @@ Description=ntfy server
|
|||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=ntfy
|
||||
Group=ntfy
|
||||
ExecStart=/usr/bin/ntfy
|
||||
Restart=on-failure
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
LimitNOFILE=10000
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -7,6 +7,21 @@ set -e
|
|||
# TODO: This is only tested on Debian.
|
||||
#
|
||||
if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
|
||||
# Create ntfy user/group
|
||||
id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
|
||||
chown ntfy.ntfy /var/cache/ntfy
|
||||
chmod 700 /var/cache/ntfy
|
||||
|
||||
# Hack to change permissions on cache file
|
||||
configfile="/etc/ntfy/config.yml"
|
||||
if [ -f "$configfile" ]; then
|
||||
cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: (.+)/ && print $1')"
|
||||
if [ -n "$cachefile" ]; then
|
||||
chown ntfy.ntfy "$cachefile" || true
|
||||
fi
|
||||
fi
|
||||
|
||||
# Restart service
|
||||
systemctl --system daemon-reload >/dev/null || true
|
||||
if systemctl is-active -q ntfy.service; then
|
||||
echo "Restarting ntfy.service ..."
|
||||
|
|
|
@ -3,6 +3,8 @@ set -e
|
|||
|
||||
# Delete the config if package is purged
|
||||
if [ "$1" = "purge" ]; then
|
||||
echo "Deleting /etc/ntfy ..."
|
||||
rm -rf /etc/ntfy || true
|
||||
id ntfy >/dev/null 2>&1 && userdel ntfy
|
||||
rm -f /etc/ntfy/config.yml
|
||||
rmdir /etc/ntfy || true
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in a new issue