Issue #672: Run cloudflared service with user cloudflared
parent
e454994e3e
commit
c219cc24a4
|
@ -44,6 +44,7 @@ const (
|
||||||
serviceCredentialFile = "cert.pem"
|
serviceCredentialFile = "cert.pem"
|
||||||
serviceConfigPath = serviceConfigDir + "/" + serviceConfigFile
|
serviceConfigPath = serviceConfigDir + "/" + serviceConfigFile
|
||||||
cloudflaredService = "cloudflared.service"
|
cloudflaredService = "cloudflared.service"
|
||||||
|
cloudflaredUser = "cloudflared"
|
||||||
)
|
)
|
||||||
|
|
||||||
var systemdTemplates = []ServiceTemplate{
|
var systemdTemplates = []ServiceTemplate{
|
||||||
|
@ -59,6 +60,7 @@ Type=notify
|
||||||
ExecStart={{ .Path }} --no-autoupdate{{ range .ExtraArgs }} {{ . }}{{ end }}
|
ExecStart={{ .Path }} --no-autoupdate{{ range .ExtraArgs }} {{ . }}{{ end }}
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
RestartSec=5s
|
RestartSec=5s
|
||||||
|
User={{ .User }}
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -194,6 +196,7 @@ func installLinuxService(c *cli.Context) error {
|
||||||
}
|
}
|
||||||
templateArgs := ServiceTemplateArgs{
|
templateArgs := ServiceTemplateArgs{
|
||||||
Path: etPath,
|
Path: etPath,
|
||||||
|
User: cloudflaredUser,
|
||||||
}
|
}
|
||||||
|
|
||||||
var extraArgsFunc func(c *cli.Context, log *zerolog.Logger) ([]string, error)
|
var extraArgsFunc func(c *cli.Context, log *zerolog.Logger) ([]string, error)
|
||||||
|
@ -269,6 +272,13 @@ func installSystemd(templateArgs *ServiceTemplateArgs, log *zerolog.Logger) erro
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Create the cloudflared user if it does not exist
|
||||||
|
if err := runCommand("grep", "-qw", fmt.Sprintf("^%s", cloudflaredUser), "/etc/passwd"); err != nil {
|
||||||
|
if err := runCommand("useradd", "--system", "--no-create-home", "--home-dir=/nonexistent", "--shell=/usr/sbin/nologin", cloudflaredUser); err != nil {
|
||||||
|
log.Err(err).Msgf("useradd %s error", cloudflaredUser)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
if err := runCommand("systemctl", "enable", cloudflaredService); err != nil {
|
if err := runCommand("systemctl", "enable", cloudflaredService); err != nil {
|
||||||
log.Err(err).Msgf("systemctl enable %s error", cloudflaredService)
|
log.Err(err).Msgf("systemctl enable %s error", cloudflaredService)
|
||||||
return err
|
return err
|
||||||
|
@ -338,6 +348,13 @@ func uninstallSystemd(log *zerolog.Logger) error {
|
||||||
if err := runCommand("systemctl", "stop", "cloudflared-update.timer"); err != nil {
|
if err := runCommand("systemctl", "stop", "cloudflared-update.timer"); err != nil {
|
||||||
log.Err(err).Msg("systemctl stop cloudflared-update.timer error")
|
log.Err(err).Msg("systemctl stop cloudflared-update.timer error")
|
||||||
return err
|
return err
|
||||||
|
}
|
||||||
|
// Delete the cloudflared user if it exists
|
||||||
|
if err := runCommand("grep", "-qw", fmt.Sprintf("^%s", cloudflaredUser), "/etc/passwd"); err == nil {
|
||||||
|
if err := runCommand("userdel", cloudflaredUser); err != nil {
|
||||||
|
log.Err(err).Msgf("userdel %s error", cloudflaredUser)
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
for _, serviceTemplate := range systemdTemplates {
|
for _, serviceTemplate := range systemdTemplates {
|
||||||
if err := serviceTemplate.Remove(); err != nil {
|
if err := serviceTemplate.Remove(); err != nil {
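Review bot: The existence test `grep -qw ^cloudflared /etc/passwd` in installSystemd, repeated in uninstallSystemd, is not an exact account lookup: `-w` accepts any line that starts with `cloudflared` followed by a non-word character, so an entry such as `cloudflared-test:` counts as a match, and accounts resolved through NSS (LDAP, sssd) are never seen. On install a false match skips `useradd` and leaves the unit with a `User=` that may not resolve; on uninstall the same test leads to `userdel` on an account this installer may not have created. An exact lookup such as `if _, err := user.Lookup(cloudflaredUser); err != nil {` (package `os/user`) or `getent passwd` would be safer, and uninstall should remove the account only when the installer created it. The hunks also show no ownership or mode change for the files under `serviceConfigDir` (including `cert.pem`), so it is worth confirming the new account can read them without making the credential world-readable. Both functions continue outside the visible hunks.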
|
||||||
|
|
|
@ -25,6 +25,7 @@ type ServiceTemplate struct {
|
||||||
type ServiceTemplateArgs struct {
|
type ServiceTemplateArgs struct {
|
||||||
Path string
|
Path string
|
||||||
ExtraArgs []string
|
ExtraArgs []string
|
||||||
|
User string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (st *ServiceTemplate) ResolvePath() (string, error) {
|
func (st *ServiceTemplate) ResolvePath() (string, error) {
|
||||||
|
|