diff --git a/Cargo.toml b/Cargo.toml index 76a495b..1151d6c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,5 +32,7 @@ maintainer-scripts="debian" systemd-units = { unit-name = "peach-dyndns-server" } assets = [ ["target/release/peach-dyndns-server", "usr/bin/", "755"], -] - + ["debian/reloadbind", "usr/bin/", "755"], + ["debian/bindctl", "/etc/sudoers.d/bindctl", "655"], + ["templates/*", "/srv/peachcloud/peach-dyndns-server/prod-peach-dyndns/templates/", "644"], +] \ No newline at end of file diff --git a/README.md b/README.md index bb0e290..4d47f66 100644 --- a/README.md +++ b/README.md @@ -4,23 +4,31 @@ a dynamic DNS server to host the names of guests with changing IP addresses by providing an http API for updating bind9 configurations. -## setup +## Setup The code in this repo assumes the existence of an installed and running bind9 server on the same server as is running peach-dyndns-server. Documentation for setting up bind9 can be found [here](docs/setup-bind-for-peach-dyndns.md). The peach-dyndns-server code can be compiled with ``` -cargo build --release +cargo deb; sudo dpkg -i target/debian/peach-dyndns-server_0.1.0_amd64.deb ``` -## run +## Development ``` sudo su peach-dyndns; ./target/release/main -vv ``` -## test +## Prod Deployment + +prod is deployed to /srv/peachcloud/peach-dyndns-server/prod-peach-dyndns + +## Staging Deployment + +staging is deployed to /srv/peachcloud/peach-dyndns-server/dev-peach-dyndns + +## Test test peach-dyndns server is running, ``` diff --git a/debian/bindctl b/debian/bindctl new file mode 100644 index 0000000..498fd05 --- /dev/null +++ b/debian/bindctl 
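Review bot: The sudoers drop-in in the `debian/bindctl` asset line is installed with mode `655`, which sets execute bits on a policy file and departs from the `0440` that sudo expects for files under `/etc/sudoers.d`. Suggest `["debian/bindctl", "/etc/sudoers.d/bindctl", "440"],`. The packaged file also has no trailing newline (see the `\ No newline at end of file` marker on `debian/bindctl`), which some sudo versions may treat as a parse error. Running `visudo -cf debian/bindctl` as a build or `postinst` step would catch both problems before the file reaches a host.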
@@ -0,0 +1,12 @@ +# +# Allow peach-dyndns to reload bind as sudo +# + +# User alias for bind-ctl which can reload bind +User_Alias BIND_CTRL = peach-dyndns + +# Command alias for reboot and shutdown +Cmnd_Alias RELOADBIND = /usr/bin/reloadbind + +# Allow BIND_CTRL users to execute RELOADBIND command without password +BIND_CTRL ALL=(ALL) NOPASSWD: RELOADBIND \ No newline at end of file diff --git a/debian/peach-dyndns-server.service b/debian/peach-dyndns-server.service index 9086591..29b738e 100644 --- a/debian/peach-dyndns-server.service +++ b/debian/peach-dyndns-server.service @@ -6,7 +6,9 @@ Type=simple User=peach-dyndns Group=bind Environment="RUST_LOG=info" -ExecStart=/usr/bin/peach-dyndns-server +Environment="ROCKET_PORT=3002" +WorkingDirectory=/srv/peachcloud/peach-dyndns-server/prod-peach-dyndns +ExecStart=/usr/bin/peach-dyndns-server -vv Restart=always [Install] diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..b852074 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,15 @@ +#!/bin/sh +set -e + +# create user which peach-dyndns-server runs as +adduser --quiet --system peach-dyndns + +# add user to bind group +usermod -a -G bind peach-dyndns + +# set permissions +chown peach-dyndns /usr/bin/peach-dyndns-server +chown peach-dyndns /usr/bin/reloadbind + +# cargo deb automatically replaces this token below, see https://github.com/mmstick/cargo-deb/blob/master/systemd.md +#DEBHELPER# \ No newline at end of file diff --git a/debian/reloadbind b/debian/reloadbind new file mode 100644 index 0000000..e99b790 --- /dev/null +++ b/debian/reloadbind @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +/bin/systemctl reload bind9 \ No newline at end of file diff --git a/deploy_prod.sh b/deploy_prod.sh new file mode 100644 index 0000000..750c70d --- /dev/null +++ b/deploy_prod.sh 
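Review bot: The rule `BIND_CTRL ALL=(ALL) NOPASSWD: RELOADBIND` grants more than the reload needs, because `(ALL)` lets peach-dyndns run the script as any target user while `systemctl reload bind9` only needs root. Suggest `BIND_CTRL ALL=(root) NOPASSWD: RELOADBIND`. The comment above the Cmnd_Alias still reads `# Command alias for reboot and shutdown`, which looks copied from another policy. It should say `# Command alias for reloading bind9` so that someone auditing the file sees what is actually delegated.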
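Review bot: `chown peach-dyndns /usr/bin/reloadbind` makes the service account the owner of the one script it may run as root without a password (per `debian/bindctl`), so the account can change the script's contents and the single-command sudoers restriction stops limiting anything. `chown peach-dyndns /usr/bin/peach-dyndns-server` has a related problem: a service that can rewrite its own binary lets a compromise of the HTTP API persist across restarts. Drop both `chown` lines so the files keep the root ownership the package installs them with. The service user only needs execute permission, which mode 755 already gives.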
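Review bot: `#!/usr/bin/env bash` resolves the interpreter through `PATH` in a script whose intended caller is sudo running it as root. Whether `PATH` is sanitised at that point depends on the host's `env_reset` and `secure_path` sudoers defaults, which this package does not set. The script uses no bash features, so `#!/bin/sh` removes that dependency. Keeping the absolute `/bin/systemctl` path is right for the same reason.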
@@ -0,0 +1,7 @@ +#!/usr/bin/env bash +# this script rebuilds the peach-dyndns-server for prod deployment using the dev folder as the source repo +cd /srv/peachcloud/peach-dyndns-server/dev-peach-dyndns +cargo deb +sudo dpkg -i target/debian/peach-dyndns-server_0.1.0_amd64.deb +sudo systemctl restart peach-dyndns-server +sudo systemctl restart nginx \ No newline at end of file diff --git a/src/generate_zone.rs b/src/generate_zone.rs index a5108d5..3fb1dcd 100644 --- a/src/generate_zone.rs +++ b/src/generate_zone.rs @@ -131,7 +131,7 @@ pub fn generate_zone(full_domain: &str) -> Result { // we use the /etc/sudoers.d/bindctl to allow peach-dyndns user to restart bind as sudo without entering a password // using a binary at /bin/reloadbind which runs 'systemctl reload bind9' let status = Command::new("sudo") - .arg("/bin/reloadbind") + .arg("/usr/bin/reloadbind") .status().expect("error restarting bind9"); if !status.success() { return Err(PeachDynError::BindConfigurationError("There was an error in the bind configuration".to_string())); diff --git a/src/main.rs b/src/main.rs index 17a32bd..4b7750c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -4,8 +4,7 @@ extern crate rocket; use crate::routes::{index, register_domain, check_available}; -use rocket::Config; -use rocket::figment::{Figment, Profile, providers::{Format, Toml, Serialized, Env}}; +use rocket::figment::{Figment, providers::{Format, Toml, Env}}; mod cli; mod routes; 
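Review bot: The script has no error handling, so if `cd` or `cargo deb` fails, the following `sudo dpkg -i` still installs whatever stale `.deb` it finds at that relative path and then restarts the services. Add `set -euo pipefail` directly after the shebang. It also builds production from the dev working tree as-is, so uncommitted or untested changes in `dev-peach-dyndns` end up installed as root. Building from a clean checkout of a tagged commit, and deriving the package filename instead of hard-coding `0.1.0`, would make the deployed artifact traceable.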
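Review bot: The comment directly above the changed line still says `// using a binary at /bin/reloadbind`, which no longer matches the `/usr/bin/reloadbind` path used here and in the sudoers Cmnd_Alias. Update it to `// using a script at /usr/bin/reloadbind which runs 'systemctl reload bind9'`. The argument has to match the path in `/etc/sudoers.d/bindctl` exactly for the NOPASSWD rule to apply, so a comment pointing at `debian/bindctl` would help keep the two in sync. Separately, `.status().expect("error restarting bind9")` panics if `sudo` cannot be spawned even though `generate_zone` returns a `Result`; mapping that failure to `PeachDynError::BindConfigurationError` would keep it on the error path. The function body starts and ends outside this hunk.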
@@ -18,9 +17,10 @@ async fn main() { let _args = cli::args().expect("error parsing args"); // the following config says to use all default rocket configs - // and then override them with any configs specified in Rocket.toml + // and then override them with any configs specified in Rocket.toml if found + // and then override with any configs specified as env variables prefixed with APP_ let config = Figment::from(rocket::Config::default()) - .merge(Toml::file("Rocket.toml").nested()); + .merge(Toml::file("Rocket.toml").nested()).merge(Env::prefixed("ROCKET_").global()); let rocket_result = rocket::custom(config) .mount("/", routes![index, register_domain, check_available])
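Review bot: The added comment says env variables are `prefixed with APP_`, but the code merges `Env::prefixed("ROCKET_")` and the unit file in this commit sets `ROCKET_PORT`. Change the comment to `// and then override with any configs specified as env variables prefixed with ROCKET_`. Because the provider is marked `.global()` and merged last, any `ROCKET_*` variable in the service environment takes precedence over Rocket.toml, including settings such as the listen address. It is worth saying in the comment that the environment has the final word. `main` continues past the end of this hunk.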