Make ntfy run as ntfy user/group, closes #38

Philipp Heckel 2021-12-08 22:08:44 -05:00
parent 808b63eaa1
commit 9a56c24dbe
6 changed files with 28 additions and 3 deletions


@ -52,6 +52,8 @@ nfpms:
type: config type: config
- src: config/ntfy.service - src: config/ntfy.service
dst: /lib/systemd/system/ntfy.service dst: /lib/systemd/system/ntfy.service
- dst: /var/cache/ntfy
type: dir
scripts: scripts:
postinstall: "scripts/postinst.sh" postinstall: "scripts/postinst.sh"
preremove: "scripts/prerm.sh" preremove: "scripts/prerm.sh"


@ -143,4 +143,4 @@ install:
install-deb: install-deb:
sudo systemctl stop ntfy || true sudo systemctl stop ntfy || true
sudo apt-get purge ntfy || true sudo apt-get purge ntfy || true
sudo dpkg -i dist/*.deb sudo dpkg -i dist/ntfy_*_linux_amd64.deb


@ -28,6 +28,9 @@
# If set, messages are cached in a local SQLite database instead of only in-memory. This # If set, messages are cached in a local SQLite database instead of only in-memory. This
# allows for service restarts without losing messages in support of the since= parameter. # allows for service restarts without losing messages in support of the since= parameter.
# #
# Note: If you are running ntfy with systemd, make sure this cache file is owned by the
# ntfy user and group by running: chown ntfy.ntfy <filename>.
#
# cache-file: <filename> # cache-file: <filename>
# Duration for which messages will be buffered before they are deleted. # Duration for which messages will be buffered before they are deleted.


@ -3,8 +3,11 @@ Description=ntfy server
After=network.target After=network.target
[Service] [Service]
User=ntfy
Group=ntfy
ExecStart=/usr/bin/ntfy ExecStart=/usr/bin/ntfy
Restart=on-failure Restart=on-failure
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=10000 LimitNOFILE=10000
[Install] [Install]
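Review bot: The added `AmbientCapabilities=CAP_NET_BIND_SERVICE` is not paired with any limit on what the process can hold or regain, so the drop to `User=ntfy`/`Group=ntfy` is the only restriction visible in [Service]. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` beside it would keep the service from acquiring anything beyond the port-binding capability, for instance through a setuid helper. Filesystem sandboxing such as `ProtectSystem=` could follow once the writable paths (the cache directory and any configured cache-file) are settled.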


@ -7,6 +7,21 @@ set -e
# TODO: This is only tested on Debian. # TODO: This is only tested on Debian.
# #
if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then if [ "$1" = "configure" ] && [ -d /run/systemd/system ]; then
# Create ntfy user/group
id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
chown ntfy.ntfy /var/cache/ntfy
chmod 700 /var/cache/ntfy
# Hack to change permissions on cache file
configfile="/etc/ntfy/config.yml"
if [ -f "$configfile" ]; then
cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: (.+)/ && print $1')"
if [ -n "$cachefile" ]; then
chown ntfy.ntfy "$cachefile" || true
fi
fi
# Restart service
systemctl --system daemon-reload >/dev/null || true systemctl --system daemon-reload >/dev/null || true
if systemctl is-active -q ntfy.service; then if systemctl is-active -q ntfy.service; then
echo "Restarting ntfy.service ..." echo "Restarting ntfy.service ..."
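Review bot: The added `chown ntfy.ntfy "$cachefile" || true` runs as root and follows symlinks, on a path that is likely to sit in a directory the ntfy account can write to (`/var/cache/ntfy` is handed to that account a few lines earlier). If the service account is ever compromised, a symlink left at the cache-file path would make the next package configure step give ntfy ownership of the link target. Guard the call with `[ -f "$cachefile" ] && [ ! -L "$cachefile" ]` and use `chown -h ntfy:ntfy "$cachefile" || true`; the colon also replaces the deprecated `user.group` separator. Separately, the perl capture `(.+)` keeps surrounding quotes or a trailing comment from the YAML value, and `|| true` would hide the resulting failure. The enclosing `if` block continues past the end of this hunk.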


@ -3,6 +3,8 @@ set -e
# Delete the config if package is purged # Delete the config if package is purged
if [ "$1" = "purge" ]; then if [ "$1" = "purge" ]; then
echo "Deleting /etc/ntfy ..." id ntfy >/dev/null 2>&1 && userdel ntfy
rm -rf /etc/ntfy || true rm -f /etc/ntfy/config.yml
rmdir /etc/ntfy || true
fi fi
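Review bot: The new `id ntfy >/dev/null 2>&1 && userdel ntfy` has no `|| true`, unlike the `rmdir` below it, so under `set -e` a userdel failure (for example a process still running as ntfy) aborts the purge part-way. Deleting the account also leaves anything it still owns attached to a UID that a later account can be assigned; the visible lines do not clean up a configured cache-file outside /etc/ntfy. Either keep the system user on purge, or remove the cache data first and write `id ntfy >/dev/null 2>&1 && userdel ntfy || true`.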