From 2f1535fbeea802f28ca42585bdee8a76ab7b2675 Mon Sep 17 00:00:00 2001 From: notplants Date: Thu, 14 Apr 2022 14:47:43 -0400 Subject: [PATCH] Update peach-web to use systemd system service --- Cargo.lock | 4 ++-- peach-config/Cargo.toml | 2 +- peach-lib/src/sbot.rs | 6 ++++-- peach-web/Cargo.toml | 2 +- peach-web/debian/peach-web.service | 10 +++------- peach-web/debian/postinst | 20 ++++++++++++++------ peach-web/src/routes/guide.rs | 2 +- peach-web/src/routes/status/scuttlebutt.rs | 5 +++-- peach-web/src/utils/sbot.rs | 6 ++---- 9 files changed, 31 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f70a50a..d6ffdc5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2380,7 +2380,7 @@ dependencies = [ [[package]] name = "peach-config" -version = "0.1.17" +version = "0.1.18" dependencies = [ "clap", "env_logger 0.6.2", @@ -2510,7 +2510,7 @@ dependencies = [ [[package]] name = "peach-web" -version = "0.6.0" +version = "0.6.10" dependencies = [ "async-std", "base64 0.13.0", diff --git a/peach-config/Cargo.toml b/peach-config/Cargo.toml index 5347c57..5823fec 100644 --- a/peach-config/Cargo.toml +++ b/peach-config/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "peach-config" -version = "0.1.17" +version = "0.1.18" authors = ["Andrew Reid ", "Max Fowler "] edition = "2018" description = "Command line tool for installing, updating and configuring PeachCloud" diff --git a/peach-lib/src/sbot.rs b/peach-lib/src/sbot.rs index cca4090..ee9434f 100644 --- a/peach-lib/src/sbot.rs +++ b/peach-lib/src/sbot.rs @@ -62,8 +62,9 @@ impl SbotStatus { pub fn read() -> Result { let mut status = SbotStatus::default(); + // note this command does not need to be run as sudo + // because non-privileged users are able to run systemctl show let info_output = Command::new("systemctl") - .arg("--user") .arg("show") .arg("go-sbot.service") .arg("--no-page") 
@@ -83,8 +84,9 @@ impl SbotStatus { } } + // note this command does not need to be run as sudo + // because non-privileged users are able to run systemctl status let status_output = Command::new("systemctl") - .arg("--user") .arg("status") .arg("go-sbot.service") .output()?; diff --git a/peach-web/Cargo.toml b/peach-web/Cargo.toml index 0b4f9a7..3c15cb9 100644 --- a/peach-web/Cargo.toml +++ b/peach-web/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "peach-web" -version = "0.6.0" +version = "0.6.10" authors = ["Andrew Reid "] edition = "2018" description = "peach-web is a web application which provides a web interface for monitoring and interacting with the PeachCloud device. This allows administration of the single-board computer (ie. Raspberry Pi) running PeachCloud, as well as the ssb-server and related plugins." diff --git a/peach-web/debian/peach-web.service b/peach-web/debian/peach-web.service index 0891180..29e46b3 100644 --- a/peach-web/debian/peach-web.service +++ b/peach-web/debian/peach-web.service @@ -1,14 +1,10 @@ [Unit] -Description=Rocket web application for serving the PeachCloud web interface. +Description=Rule web application for serving the PeachCloud web interface. [Service] -User=peach-web -Group=www-data +User=peach +Group=peach WorkingDirectory=/usr/share/peach-web -Environment="ROCKET_ENV=prod" -Environment="ROCKET_ADDRESS=127.0.0.1" -Environment="ROCKET_PORT=3000" -Environment="ROCKET_LOG=critical" Environment="RUST_LOG=info" ExecStart=/usr/bin/peach-web Restart=always diff --git a/peach-web/debian/postinst b/peach-web/debian/postinst index c2aba8e..34085a2 100644 --- a/peach-web/debian/postinst +++ b/peach-web/debian/postinst @@ -2,8 +2,7 @@ set -e # create user which peach-web runs as -adduser --quiet --system peach-web -usermod -g peach peach-web +id -u peach &>/dev/null || adduser --quiet peach # create nginx config cat < /etc/nginx/sites-enabled/default 
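Review bot: With the `ROCKET_ADDRESS=127.0.0.1` and `ROCKET_PORT=3000` lines removed from peach-web.service, nothing in the unit pins the listener to loopback any more, so the bind address depends on application defaults that this patch does not show. If the new server listens on all interfaces, port 8000 would be reachable directly and bypass the nginx front end; worth confirming, and stating explicitly in the unit if the app reads an address setting. The service also now runs as `peach`, the account the postinst grants passwordless sudo for go-sbot.service, so a comment such as `# runs as peach: relies on the sudoers rule for go-sbot.service (see postinst)` would help the next maintainer. Separately, `Description=Rule web application` reads like an accidental edit of the framework name.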
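Review bot: `&>/dev/null` on the added `id -u peach` line in postinst is a bash-only redirection. The shebang is outside this hunk, but if the script runs under `/bin/sh` (dash on Debian) the line is parsed as a background job followed by an empty redirect, so the left side of `||` always succeeds and the user is never created. Dropping `--system` also means `adduser` creates a regular login account and prompts for a password and GECOS details, which stalls unattended installs. Suggested line: `id -u peach >/dev/null 2>&1 || adduser --quiet --disabled-password --gecos "" peach`.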
@@ -15,16 +14,25 @@ server { rewrite ^/(.*)/$ /$1 permanent; location / { - proxy_pass http://127.0.0.1:3000; + proxy_pass http://127.0.0.1:8000; } } EOF -cat < /etc/sudoers.d/peach-web -# allow peach-web to run commands as peach-go-sbot without a password -peach-web ALL=(peach-go-sbot) NOPASSWD:ALL +# update sudoers to allow peach-web to stop and restart go-sbot.service +mkdir -p /etc/sudoers.d/ +SYSTEMCTL=$(which systemctl) +START="${SYSTEMCTL} start go-sbot.service" +RESTART="${SYSTEMCTL} restart go-sbot.service" +STOP="${SYSTEMCTL} stop go-sbot.service" +ENABLE="${SYSTEMCTL} enable go-sbot.service" +DISABLE="${SYSTEMCTL} disable go-sbot.service" + +cat < /etc/sudoers.d/peach-web +peach ALL=(ALL) NOPASSWD: $START, $STOP, $RESTART, $ENABLE, $DISABLE EOF +chmod 0440 /etc/sudoers.d/peach-web # cargo deb automatically replaces this token below, see https://github.com/mmstick/cargo-deb/blob/master/systemd.md #DEBHELPER# \ No newline at end of file diff --git a/peach-web/src/routes/guide.rs b/peach-web/src/routes/guide.rs index 5babd7c..d5fc4eb 100644 --- a/peach-web/src/routes/guide.rs +++ b/peach-web/src/routes/guide.rs @@ -29,7 +29,7 @@ pub fn build_template() -> PreEscaped { } } " to start the sbot. If the server starts successfully, you will see a green smiley face on the home page. If the face is orange and sleeping, that means the sbot is still inactive (ie. the process is not running). If the face is red and dead, that means the sbot failed to start - indicated an error. For now, the best way to gain insight into the problem is to check the systemd log. Open a terminal and enter: " - code { "systemctl --user status go-sbot.service" } + code { "systemctl status go-sbot.service" } ". The log output may give some clues about the source of the error." } } diff --git a/peach-web/src/routes/status/scuttlebutt.rs b/peach-web/src/routes/status/scuttlebutt.rs index 3630a88..b476635 100644 --- a/peach-web/src/routes/status/scuttlebutt.rs 
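Review bot: The sudoers fragment is written straight into /etc/sudoers.d/ with no syntax check, and the rule grants `(ALL)` as the run-as target although only root is needed to manage go-sbot.service. A malformed file in that directory can make sudo refuse to run at all, so I would write to a temporary file, validate it with `visudo -cf`, and only then install it with mode 0440, narrowing the rule to `(root)`. The comment above the block says "stop and restart" while the rule also allows start, enable and disable, and it names peach-web rather than the `peach` user. The here-document operator appears to have been lost in this rendering of the patch; the sketch below assumes the usual `<<EOF` form.

```sh
# … unchanged: SYSTEMCTL and START/RESTART/STOP/ENABLE/DISABLE assignments …
SUDOERS_TMP=$(mktemp)
cat <<EOF > "$SUDOERS_TMP"
# allow the peach user to start, stop, restart, enable and disable go-sbot.service as root
peach ALL=(root) NOPASSWD: $START, $STOP, $RESTART, $ENABLE, $DISABLE
EOF
# set -e aborts the install here if the fragment does not parse
visudo -cf "$SUDOERS_TMP"
install -m 0440 -o root -g root "$SUDOERS_TMP" /etc/sudoers.d/peach-web
rm -f "$SUDOERS_TMP"
```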
+++ b/peach-web/src/routes/status/scuttlebutt.rs @@ -53,7 +53,6 @@ fn run_on_startup_element(boot_state: &Option) -> Markup { fn database_element(state: &str) -> Markup { // retrieve the sequence number of the latest message in the sbot database let sequence_num = sbot::latest_sequence_number(); - match (state, sequence_num) { // if the state is "active" and latest_sequence_number() was successful ("active", Ok(number)) => { @@ -62,7 +61,9 @@ fn database_element(state: &str) -> Markup { label class="label-small font-gray" { "MESSAGES IN LOCAL DATABASE" } } } - (_, _) => html! { label class="label-small font-gray" { "DATABASE UNAVAILABLE" } }, + (_, _) => { + html! { label class="label-small font-gray" { "DATABASE UNAVAILABLE" } } + }, } } diff --git a/peach-web/src/utils/sbot.rs b/peach-web/src/utils/sbot.rs index f8e53f5..8a8b34c 100644 --- a/peach-web/src/utils/sbot.rs +++ b/peach-web/src/utils/sbot.rs @@ -24,8 +24,8 @@ use crate::{error::PeachWebError, utils::sbot}; /// Executes a systemctl command for the go-sbot.service process. pub fn systemctl_sbot_cmd(cmd: &str) -> io::Result { - Command::new("systemctl") - .arg("--user") + Command::new("sudo") + .arg("systemctl") .arg(cmd) .arg("go-sbot.service") .output() @@ -124,8 +124,6 @@ pub fn latest_sequence_number() -> Result> { task::block_on(async { let mut sbot_client = init_sbot_with_config(&sbot_config).await?; - debug!("sbot initialized"); - // retrieve the local id let id = sbot_client.whoami().await?;
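Review bot: `systemctl_sbot_cmd` in peach-web/src/utils/sbot.rs now runs through `sudo` without `-n`, so any `cmd` outside the five verbs allowed by the sudoers fragment (start, stop, restart, enable, disable) makes sudo ask for a password. How that behaves without a terminal depends on the sudo configuration; adding `.arg("-n")` directly after `Command::new("sudo")` makes it fail immediately with a non-zero status instead. `cmd` is forwarded unchecked and its callers are outside this hunk, so it would be safer to reject anything other than those five verbs before spawning, or to take an enum rather than `&str`. The doc comment should also record the new dependency, e.g. `/// Runs via sudo; requires the NOPASSWD rule in /etc/sudoers.d/peach-web.`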