Update peach-web to use systemd system service

notplants 2022-04-14 14:47:43 -04:00
parent b75aadd62d
commit 2f1535fbee
9 changed files with 31 additions and 26 deletions

4
Cargo.lock generated

@ -2380,7 +2380,7 @@ dependencies = [
[[package]] [[package]]
name = "peach-config" name = "peach-config"
version = "0.1.17" version = "0.1.18"
dependencies = [ dependencies = [
"clap", "clap",
"env_logger 0.6.2", "env_logger 0.6.2",
@ -2510,7 +2510,7 @@ dependencies = [
[[package]] [[package]]
name = "peach-web" name = "peach-web"
version = "0.6.0" version = "0.6.10"
dependencies = [ dependencies = [
"async-std", "async-std",
"base64 0.13.0", "base64 0.13.0",


@ -1,6 +1,6 @@
[package] [package]
name = "peach-config" name = "peach-config"
version = "0.1.17" version = "0.1.18"
authors = ["Andrew Reid <gnomad@cryptolab.net>", "Max Fowler <max@mfowler.info>"] authors = ["Andrew Reid <gnomad@cryptolab.net>", "Max Fowler <max@mfowler.info>"]
edition = "2018" edition = "2018"
description = "Command line tool for installing, updating and configuring PeachCloud" description = "Command line tool for installing, updating and configuring PeachCloud"


@ -62,8 +62,9 @@ impl SbotStatus {
pub fn read() -> Result<Self, PeachError> { pub fn read() -> Result<Self, PeachError> {
let mut status = SbotStatus::default(); let mut status = SbotStatus::default();
// note this command does not need to be run as sudo
// because non-privileged users are able to run systemctl show
let info_output = Command::new("systemctl") let info_output = Command::new("systemctl")
.arg("--user")
.arg("show") .arg("show")
.arg("go-sbot.service") .arg("go-sbot.service")
.arg("--no-page") .arg("--no-page")
@ -83,8 +84,9 @@ impl SbotStatus {
} }
} }
// note this command does not need to be run as sudo
// because non-privileged users are able to run systemctl status
let status_output = Command::new("systemctl") let status_output = Command::new("systemctl")
.arg("--user")
.arg("status") .arg("status")
.arg("go-sbot.service") .arg("go-sbot.service")
.output()?; .output()?;


@ -1,6 +1,6 @@
[package] [package]
name = "peach-web" name = "peach-web"
version = "0.6.0" version = "0.6.10"
authors = ["Andrew Reid <gnomad@cryptolab.net>"] authors = ["Andrew Reid <gnomad@cryptolab.net>"]
edition = "2018" edition = "2018"
description = "peach-web is a web application which provides a web interface for monitoring and interacting with the PeachCloud device. This allows administration of the single-board computer (ie. Raspberry Pi) running PeachCloud, as well as the ssb-server and related plugins." description = "peach-web is a web application which provides a web interface for monitoring and interacting with the PeachCloud device. This allows administration of the single-board computer (ie. Raspberry Pi) running PeachCloud, as well as the ssb-server and related plugins."


@ -1,14 +1,10 @@
[Unit] [Unit]
Description=Rocket web application for serving the PeachCloud web interface. Description=Rule web application for serving the PeachCloud web interface.
[Service] [Service]
User=peach-web User=peach
Group=www-data Group=peach
WorkingDirectory=/usr/share/peach-web WorkingDirectory=/usr/share/peach-web
Environment="ROCKET_ENV=prod"
Environment="ROCKET_ADDRESS=127.0.0.1"
Environment="ROCKET_PORT=3000"
Environment="ROCKET_LOG=critical"
Environment="RUST_LOG=info" Environment="RUST_LOG=info"
ExecStart=/usr/bin/peach-web ExecStart=/usr/bin/peach-web
Restart=always Restart=always
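Review bot: With the `ROCKET_ADDRESS=127.0.0.1` and `ROCKET_PORT=3000` lines removed, nothing in this unit pins the listener to loopback any more, while the nginx config changed in the same commit proxies to `127.0.0.1:8000`. The bind address now depends on the application's own default, which is not visible in this section; if that default is all interfaces, the web interface becomes reachable without passing through nginx. It is worth confirming the default, or setting the address explicitly wherever the new server is configured. Separately, `Description=Rule web application` reads like a typo for the web framework's name.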


@ -2,8 +2,7 @@
set -e set -e
# create user which peach-web runs as # create user which peach-web runs as
adduser --quiet --system peach-web id -u peach &>/dev/null || adduser --quiet peach
usermod -g peach peach-web
# create nginx config # create nginx config
cat <<EOF > /etc/nginx/sites-enabled/default cat <<EOF > /etc/nginx/sites-enabled/default
@ -15,16 +14,25 @@ server {
rewrite ^/(.*)/$ /$1 permanent; rewrite ^/(.*)/$ /$1 permanent;
location / { location / {
proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:8000;
} }
} }
EOF EOF
cat <<EOF > /etc/sudoers.d/peach-web # update sudoers to allow peach-web to stop and restart go-sbot.service
# allow peach-web to run commands as peach-go-sbot without a password mkdir -p /etc/sudoers.d/
peach-web ALL=(peach-go-sbot) NOPASSWD:ALL
SYSTEMCTL=$(which systemctl)
START="${SYSTEMCTL} start go-sbot.service"
RESTART="${SYSTEMCTL} restart go-sbot.service"
STOP="${SYSTEMCTL} stop go-sbot.service"
ENABLE="${SYSTEMCTL} enable go-sbot.service"
DISABLE="${SYSTEMCTL} disable go-sbot.service"
cat <<EOF > /etc/sudoers.d/peach-web
peach ALL=(ALL) NOPASSWD: $START, $STOP, $RESTART, $ENABLE, $DISABLE
EOF EOF
chmod 0440 /etc/sudoers.d/peach-web
# cargo deb automatically replaces this token below, see https://github.com/mmstick/cargo-deb/blob/master/systemd.md # cargo deb automatically replaces this token below, see https://github.com/mmstick/cargo-deb/blob/master/systemd.md
#DEBHELPER# #DEBHELPER#
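Review bot: The sudoers rule on the `peach ALL=(ALL) NOPASSWD: ...` line grants a wider run-as set than its stated purpose needs, and the file is written straight into `/etc/sudoers.d/` with no syntax check. The five systemctl commands only need to run as root, so `(root)` is sufficient, and a malformed drop-in can stop sudo from working for every account on the device. Writing the rule to a temporary file, checking it with `visudo -cf`, and only then installing it with mode 0440 avoids both problems. Separately, `&>` on the `id -u peach` line is a bash-ism; the script's shebang is outside the hunk, so confirm it is not `/bin/sh`.

```shell
# … unchanged: SYSTEMCTL and the START/STOP/RESTART/ENABLE/DISABLE variables …
TMP_SUDOERS=$(mktemp)
cat <<EOF > "$TMP_SUDOERS"
peach ALL=(root) NOPASSWD: $START, $STOP, $RESTART, $ENABLE, $DISABLE
EOF
# set -e aborts the install here if the generated rule does not parse
visudo -cf "$TMP_SUDOERS"
install -m 0440 -o root -g root "$TMP_SUDOERS" /etc/sudoers.d/peach-web
rm -f "$TMP_SUDOERS"
```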


@ -29,7 +29,7 @@ pub fn build_template() -> PreEscaped<String> {
} }
} }
" to start the sbot. If the server starts successfully, you will see a green smiley face on the home page. If the face is orange and sleeping, that means the sbot is still inactive (ie. the process is not running). If the face is red and dead, that means the sbot failed to start - indicated an error. For now, the best way to gain insight into the problem is to check the systemd log. Open a terminal and enter: " " to start the sbot. If the server starts successfully, you will see a green smiley face on the home page. If the face is orange and sleeping, that means the sbot is still inactive (ie. the process is not running). If the face is red and dead, that means the sbot failed to start - indicated an error. For now, the best way to gain insight into the problem is to check the systemd log. Open a terminal and enter: "
code { "systemctl --user status go-sbot.service" } code { "systemctl status go-sbot.service" }
". The log output may give some clues about the source of the error." ". The log output may give some clues about the source of the error."
} }
} }


@ -53,7 +53,6 @@ fn run_on_startup_element(boot_state: &Option<String>) -> Markup {
fn database_element(state: &str) -> Markup { fn database_element(state: &str) -> Markup {
// retrieve the sequence number of the latest message in the sbot database // retrieve the sequence number of the latest message in the sbot database
let sequence_num = sbot::latest_sequence_number(); let sequence_num = sbot::latest_sequence_number();
match (state, sequence_num) { match (state, sequence_num) {
// if the state is "active" and latest_sequence_number() was successful // if the state is "active" and latest_sequence_number() was successful
("active", Ok(number)) => { ("active", Ok(number)) => {
@ -62,7 +61,9 @@ fn database_element(state: &str) -> Markup {
label class="label-small font-gray" { "MESSAGES IN LOCAL DATABASE" } label class="label-small font-gray" { "MESSAGES IN LOCAL DATABASE" }
} }
} }
(_, _) => html! { label class="label-small font-gray" { "DATABASE UNAVAILABLE" } }, (_, _) => {
html! { label class="label-small font-gray" { "DATABASE UNAVAILABLE" } }
},
} }
} }


@ -24,8 +24,8 @@ use crate::{error::PeachWebError, utils::sbot};
/// Executes a systemctl command for the go-sbot.service process. /// Executes a systemctl command for the go-sbot.service process.
pub fn systemctl_sbot_cmd(cmd: &str) -> io::Result<Output> { pub fn systemctl_sbot_cmd(cmd: &str) -> io::Result<Output> {
Command::new("systemctl") Command::new("sudo")
.arg("--user") .arg("systemctl")
.arg(cmd) .arg(cmd)
.arg("go-sbot.service") .arg("go-sbot.service")
.output() .output()
@ -124,8 +124,6 @@ pub fn latest_sequence_number() -> Result<u64, Box<dyn Error>> {
task::block_on(async { task::block_on(async {
let mut sbot_client = init_sbot_with_config(&sbot_config).await?; let mut sbot_client = init_sbot_with_config(&sbot_config).await?;
debug!("sbot initialized");
// retrieve the local id // retrieve the local id
let id = sbot_client.whoami().await?; let id = sbot_client.whoami().await?;
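Review bot: In the first hunk of this section, `systemctl_sbot_cmd` now forwards its `cmd` argument unchanged to `sudo systemctl`, but the sudoers rule installed by this commit only permits start, stop, restart, enable and disable. Any other verb, or a missing or broken sudoers file, makes sudo ask for a password, which a service without a terminal cannot answer. Adding `.arg("-n")` directly after `Command::new("sudo")` makes sudo fail immediately instead. Rejecting verbs outside the permitted five before spawning, by returning an `io::Error` of kind `ErrorKind::InvalidInput`, keeps the function's contract in line with the sudoers rule. The doc comment could also say that the command runs through sudo, for example `/// Runs "sudo systemctl <cmd> go-sbot.service"; cmd must be a verb allowed in /etc/sudoers.d/peach-web.`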