mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
fb8ac3b748
- No need to have /etc/default/infinoted file. It is not used in the systemd service. - Enable directory sync plugin so that plaing text files are always available on server. - Enable automatic save every 60 seconds with autosave plugin. - Enhanced logging by enabling logging plugin. - Remove double quotes in system user name.
180 lines
4.9 KiB
Python
Executable File
180 lines
4.9 KiB
Python
Executable File
#!/usr/bin/python3
|
|
# -*- mode: python -*-
|
|
#
|
|
# This file is part of Plinth.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
"""
|
|
Configuration helper for infinoted.
|
|
"""
|
|
|
|
import argparse
|
|
import grp
|
|
import os
|
|
import pwd
|
|
import shutil
|
|
import subprocess
|
|
|
|
from plinth import action_utils
|
|
|
|
|
|
DATA_DIR = '/var/lib/infinoted'
|
|
KEY_DIR = '/etc/infinoted'
|
|
|
|
CONF_PATH = '/etc/xdg/infinoted.conf'
|
|
CONF = '''
|
|
[infinoted]
|
|
|
|
# Possible values : no-tls, allow-tls, require-tls
|
|
security-policy=require-tls
|
|
|
|
# Absolute path of the certificate file.
|
|
certificate-file=/etc/infinoted/infinoted-cert.pem
|
|
|
|
# Absolute path of the private key file.
|
|
key-file=/etc/infinoted/infinoted-key.pem
|
|
|
|
# Enable plugins
|
|
plugins=note-text;autosave;logging;directory-sync
|
|
|
|
# Specify a path to use a root certificate instead of a certificate-key pair.
|
|
#certificate-chain=
|
|
|
|
#password=
|
|
|
|
# Automatically save documents every few seconds
|
|
[autosave]
|
|
|
|
# Setting this to 0 disables autosave.
|
|
interval=60
|
|
|
|
# Synchronize files to another directory in plain text format
|
|
[directory-sync]
|
|
|
|
# Directory to sync plain text files
|
|
directory=/var/lib/infinoted/sync
|
|
|
|
# Synchronize seconds
|
|
interval=60
|
|
|
|
# Log additional events
|
|
[logging]
|
|
|
|
# Log when users connect or disconnect
|
|
log-connections=true
|
|
|
|
# Log errors with client connections such as a connection reset
|
|
log-connection-errors=true
|
|
'''
|
|
|
|
SYSTEMD_SERVICE_PATH = '/etc/systemd/system/infinoted.service'
|
|
SYSTEMD_SERVICE = '''
|
|
#
|
|
# This file is managed and overwritten by Plinth. If you wish to edit
|
|
# it, disable infinoted in Plinth, remove this file and manage it manually.
|
|
#
|
|
|
|
[Unit]
|
|
Description=collaborative text editor service
|
|
Documentation=man:infinoted(1)
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=infinoted
|
|
Group=infinoted
|
|
ExecStart=/usr/bin/infinoted
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
'''
|
|
|
|
|
|
def parse_arguments():
|
|
"""Return parsed command line arguments as dictionary."""
|
|
parser = argparse.ArgumentParser()
|
|
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
|
|
|
|
subparsers.add_parser('setup', help='Configure infinoted after install')
|
|
|
|
return parser.parse_args()
|
|
|
|
|
|
def subcommand_setup(_):
|
|
"""Configure infinoted after install."""
|
|
if not os.path.isfile(CONF_PATH):
|
|
with open(CONF_PATH, 'w') as file_handle:
|
|
file_handle.write(CONF)
|
|
|
|
if not os.path.isfile(SYSTEMD_SERVICE_PATH):
|
|
with open(SYSTEMD_SERVICE_PATH, 'w') as file_handle:
|
|
file_handle.write(SYSTEMD_SERVICE)
|
|
|
|
subprocess.check_call(['systemctl', 'daemon-reload'])
|
|
|
|
# Create infinoted group if needed.
|
|
try:
|
|
grp.getgrnam('infinoted')
|
|
except KeyError:
|
|
subprocess.run(['addgroup', '--system', 'infinoted'], check=True)
|
|
|
|
# Create infinoted user is needed.
|
|
try:
|
|
pwd.getpwnam('infinoted')
|
|
except KeyError:
|
|
subprocess.run(['adduser', '--system', '--ingroup', 'infinoted',
|
|
'--home', DATA_DIR,
|
|
'--gecos', 'Infinoted collaborative editing server',
|
|
'infinoted'], check=True)
|
|
|
|
if not os.path.exists(DATA_DIR):
|
|
os.makedirs(DATA_DIR, mode=0o750)
|
|
shutil.chown(DATA_DIR, user='infinoted', group='infinoted')
|
|
|
|
if not os.path.exists(KEY_DIR):
|
|
os.makedirs(KEY_DIR, mode=0o750)
|
|
shutil.chown(KEY_DIR, user='infinoted', group='infinoted')
|
|
|
|
if not os.path.exists(KEY_DIR + '/infinoted-cert.pem'):
|
|
old_umask = os.umask(0o027)
|
|
try:
|
|
# infinoted doesn't have a "create key and exit" mode. Run as
|
|
# daemon so we can stop after.
|
|
subprocess.run(['infinoted', '--create-key',
|
|
'--create-certificate', '--daemonize'], check=True)
|
|
subprocess.run(['infinoted', '--kill-daemon'], check=True)
|
|
finally:
|
|
os.umask(old_umask)
|
|
|
|
shutil.chown(KEY_DIR + '/infinoted-cert.pem',
|
|
user='infinoted', group='infinoted')
|
|
shutil.chown(KEY_DIR + '/infinoted-key.pem',
|
|
user='infinoted', group='infinoted')
|
|
|
|
action_utils.service_enable('infinoted')
|
|
|
|
|
|
def main():
|
|
"""Parse arguments and perform all duties."""
|
|
arguments = parse_arguments()
|
|
|
|
subcommand = arguments.subcommand.replace('-', '_')
|
|
subcommand_method = globals()['subcommand_' + subcommand]
|
|
subcommand_method(arguments)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|