Deployment script draft (including openrc, user and group management).

2023-02-11 12:32:37 +01:00 · 2023-02-11 12:32:37 +01:00 · bd11b4bdef
parent e723717d53
commit bd11b4bdef
2 changed files with 113 additions and 0 deletions
--- a/47
+++ b/47
@ -0,0 +1,47 @@
+all:
+
+deploy: create-users deploy-openrc
+undeploy: remove-users remove-openrc
+
+remove-users:
+	@grep _auth /etc/passwd >/dev/null && \
+		deluser _auth && echo "user _auth has been removed" || \
+				echo "user _auth already was deleted"
+	@grep _filestorage /etc/passwd >/dev/null && \
+		deluser _filestorage && echo "user _filestorage has been removed" || \
+				echo "user _filestorage already was deleted"
+	@grep _ipc /etc/group >/dev/null && \
+		delgroup _ipc && echo "group _ipc has been removed" || \
+				echo "group _ipc already was deleted"
+
+remove-openrc:
+	rm /etc/init.d/authd
+	rm /etc/init.d/filestoraged
+
+GROUP ?= _ipc
+# BusyBox addgroup [-g GID] [-S] [USER] GROUP
+# -g GID -S (system group)
+group-ipc:
+	@grep $(GROUP) /etc/group >/dev/null && echo "group $(GROUP) already exists" || \
+		(addgroup -S $(GROUP) && echo "group $(GROUP) has been created")
+
+# BusyBox adduser [OPTIONS] USER [GROUP]
+# -S (system user) -H (no mkdir) -s SHELL -g GECOS -G GROUP -D (no pass) -h HOME
+user-auth: group-ipc
+	@grep _auth /etc/passwd >/dev/null && echo "user _auth already exists" || \
+		(adduser -S -H -s /bin/false -g "IPC auth daemon" -G $(GROUP) -D _auth && \
+			echo "user _auth has been created")
+
+user-filestorage: group-ipc
+	@grep _filestorage /etc/passwd >/dev/null && echo "user _filestorage already exists" || \
+		(adduser -S -H -s /bin/false -g "IPC filestorage daemon" -G $(GROUP) -D _filestorage && \
+			echo "user _filestorage has been created")
+
+create-users: user-auth user-filestorage
+
+deploy-openrc-authd:
+	install -m0400 openrc/authd /etc/init.d/
+deploy-openrc-filestoraged:
+	install -m0400 openrc/filestoraged /etc/init.d/
+
+deploy-openrc: deploy-openrc-authd deploy-openrc-filestoraged
--- a/openrc/authd
+++ b/openrc/authd
@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+: ${cfgfile:="/etc/baguette/auth.yml"}
+: ${auth_password_file:="/etc/baguette/auth-password"}
+
+command_user="_auth:_ipc"
+
+# The command cannot go background by itself and cannot write its own PID.
+command_background=true
+
+description="Authentication daemon"
+description_checkconfig="Verify configuration file (TODO)"
+description_reload="Reload configuration (TODO)"
+description_debug="Print actual command line to run (TODO)"
+
+extra_commands="checkconfig debug"
+extra_started_commands="reload"
+
+pidfile="${AUTHD_PIDFILE:-"/run/$RC_SVCNAME.pid"}"
+command="${AUTHD_BINARY:-"/usr/local/bin/authd"}"
+command_args="${command_args:-${AUTHD_OPTS:- -k $auth_password_file}}"
+
+depend() {
+	provide auth
+}
+
+required_files="$cfgfile $auth_password_file"
+
+debug() {
+	ewarn Hello this is debug.
+	ewarn auth_password_file: $auth_password_file
+	ewarn pidfile: $pidfile
+	ewarn command: $command
+	ewarn command_args: $command_args
+}
+
+checkconfig() {
+	if [ ! -d /run/ipc   ] ; then
+		mkdir -p /run/ipc || return 1
+	fi
+
+	# "$command" -t $command_args || return 1
+	ewarn "authd cannot check its own configuration files, yet"
+	return 0
+}
+
+start_pre() {
+	checkconfig
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" = "restart" ] ; then
+		checkconfig || return 1
+	fi
+}
+
+reload() {
+	ewarn "Reloading: not available, let's just restart."
+#	checkconfig || return 1
+	restart || return 1
+
+#	ebegin "Reloading $RC_SVCNAME"
+#	start-stop-daemon --signal HUP \
+#		--exec "$command" --pidfile "$pidfile"
+#	eend $?
+}