Make ntfy run as ntfy user/group, closes #38
parent
808b63eaa1
commit
9a56c24dbe
6 changed files with 28 additions and 3 deletions
|
@ -52,6 +52,8 @@ nfpms:
|
||||||
type: config
|
type: config
|
||||||
- src: config/ntfy.service
|
- src: config/ntfy.service
|
||||||
dst: /lib/systemd/system/ntfy.service
|
dst: /lib/systemd/system/ntfy.service
|
||||||
|
- dst: /var/cache/ntfy
|
||||||
|
type: dir
|
||||||
scripts:
|
scripts:
|
||||||
postinstall: "scripts/postinst.sh"
|
postinstall: "scripts/postinst.sh"
|
||||||
preremove: "scripts/prerm.sh"
|
preremove: "scripts/prerm.sh"
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -143,4 +143,4 @@ install:
|
||||||
install-deb:
|
install-deb:
|
||||||
sudo systemctl stop ntfy || true
|
sudo systemctl stop ntfy || true
|
||||||
sudo apt-get purge ntfy || true
|
sudo apt-get purge ntfy || true
|
||||||
sudo dpkg -i dist/*.deb
|
sudo dpkg -i dist/ntfy_*_linux_amd64.deb
|
||||||
|
|
|
@ -28,6 +28,9 @@
|
||||||
# If set, messages are cached in a local SQLite database instead of only in-memory. This
|
# If set, messages are cached in a local SQLite database instead of only in-memory. This
|
||||||
# allows for service restarts without losing messages in support of the since= parameter.
|
# allows for service restarts without losing messages in support of the since= parameter.
|
||||||
#
|
#
|
||||||
|
# Note: If you are running ntfy with systemd, make sure this cache file is owned by the
|
||||||
|
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||||
|
#
|
||||||
# cache-file: <filename>
|
# cache-file: <filename>
|
||||||
|
|
||||||
# Duration for which messages will be buffered before they are deleted.
|
# Duration for which messages will be buffered before they are deleted.
|
||||||
|
|
|
@ -3,8 +3,11 @@ Description=ntfy server
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
User=ntfy
|
||||||
|
Group=ntfy
|
||||||
ExecStart=/usr/bin/ntfy
|
ExecStart=/usr/bin/ntfy
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
LimitNOFILE=10000
|
LimitNOFILE=10000
|
||||||
|
|
||||||
[Install]
|
[Install]
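Review bot: The unit grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` to the new `ntfy` user in `[Service]` but sets no bound on what the process can hold or regain, so the privilege drop is only partial. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` next to it would keep the service to that single capability even if it executes a setuid binary. Filesystem sandboxing such as `ProtectSystem=` would also fit here, but it needs care because `cache-file` may point at an arbitrary path that the service must still be able to write.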
|
||||||
|
|
|
@ -7,6 +7,21 @@ set -e
|
||||||
# TODO: This is only tested on Debian.
|
# TODO: This is only tested on Debian.
|
||||||
#
|
#
|
||||||
if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
|
if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
|
||||||
|
# Create ntfy user/group
|
||||||
|
id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
|
||||||
|
chown ntfy.ntfy /var/cache/ntfy
|
||||||
|
chmod 700 /var/cache/ntfy
|
||||||
|
|
||||||
|
# Hack to change permissions on cache file
|
||||||
|
configfile="/etc/ntfy/config.yml"
|
||||||
|
if [ -f "$configfile" ]; then
|
||||||
|
cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: (.+)/ && print $1')"
|
||||||
|
if [ -n "$cachefile" ]; then
|
||||||
|
chown ntfy.ntfy "$cachefile" || true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Restart service
|
||||||
systemctl --system daemon-reload >/dev/null || true
|
systemctl --system daemon-reload >/dev/null || true
|
||||||
if systemctl is-active -q ntfy.service; then
|
if systemctl is-active -q ntfy.service; then
|
||||||
echo "Restarting ntfy.service ..."
|
echo "Restarting ntfy.service ..."
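Review bot: The added `chown ntfy.ntfy "$cachefile" || true` runs as root on a path read from `/etc/ntfy/config.yml`, and chown follows symlinks by default. On an upgrade, a cache path inside the now ntfy-owned `/var/cache/ntfy` that has become a link would therefore pass ownership of the link target to the service account. Restricting the call to a regular file and not dereferencing avoids that: `[ -f "$cachefile" ] && [ ! -L "$cachefile" ] && chown -h ntfy:ntfy "$cachefile" || true`. The `(.+)` capture also takes trailing whitespace, quotes or an inline comment as part of the filename, and `user.group` is the deprecated separator, with `ntfy:ntfy` being the supported form. The enclosing `if [ "$1" = "configure" ]` block continues past the end of the hunk.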
|
||||||
|
|
|
@ -3,6 +3,8 @@ set -e
|
||||||
|
|
||||||
# Delete the config if package is purged
|
# Delete the config if package is purged
|
||||||
if [ "$1" = "purge" ]; then
|
if [ "$1" = "purge" ]; then
|
||||||
echo "Deleting /etc/ntfy ..."
|
id ntfy >/dev/null 2>&1 && userdel ntfy
|
||||||
rm -rf /etc/ntfy || true
|
rm -f /etc/ntfy/config.yml
|
||||||
|
rmdir /etc/ntfy || true
|
||||||
fi
|
fi
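Review bot: `id ntfy >/dev/null 2>&1 && userdel ntfy` deletes the account on purge while files it owns stay on disk, such as a cache file under `/var/cache/ntfy` or at a custom `cache-file` path, leaving them with a numeric owner that a later `useradd --system` can reuse. Either keep the system user on purge or remove the cache directory before the `userdel` line, e.g. `rm -rf /var/cache/ntfy`. Because the script runs under `set -e`, a failing `userdel` (for instance while a process still runs as ntfy) also aborts the purge before `/etc/ntfy/config.yml` is removed. `userdel ntfy || true` would match the best-effort style of the `rmdir` line.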
|
||||||
|
|
||||||
|
|