-rw-r--r-- | .dockerignore | 1 | ||||
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | configs/kvmd/main/v1-hdmi.yaml | 6 | ||||
-rw-r--r-- | configs/kvmd/main/v1-vga.yaml | 6 | ||||
-rw-r--r-- | configs/nginx/nginx.conf | 5 | ||||
-rw-r--r-- | configs/os/systemd/kvmd-ipmi.service | 6 | ||||
-rw-r--r-- | configs/os/systemd/kvmd-nginx.service | 6 | ||||
-rw-r--r-- | configs/os/systemd/kvmd-tc358743.service | 2 | ||||
-rw-r--r-- | configs/os/systemd/kvmd.service | 2 | ||||
-rw-r--r-- | configs/os/tmpfiles.conf | 1 | ||||
-rw-r--r-- | kvmd.install | 37 | ||||
-rwxr-xr-x | scripts/kvmd-gencert | 2 | ||||
-rw-r--r-- | testenv/Dockerfile | 1 | ||||
-rw-r--r-- | testenv/main.yaml | 6 |
15 files changed, 56 insertions, 37 deletions
diff --git a/.dockerignore b/.dockerignore index c4c723c2..d2d289e0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,6 +4,7 @@ /build/ /dist/ /kvmd.egg-info/ +/testenv/run/ /testenv/.tox/ /testenv/.mypy_cache/ /.git/ @@ -50,7 +50,7 @@ tox: testenv run: testenv sudo modprobe loop - docker run --rm --name kvmd \ - --volume `pwd`/testenv/run:/run:rw \ + --volume `pwd`/testenv/run:/run/kvmd:rw \ --volume `pwd`/testenv:/testenv:ro \ --volume `pwd`/kvmd:/kvmd:ro \ --volume `pwd`/web:/usr/share/kvmd/web:ro \ @@ -65,7 +65,7 @@ run: testenv && cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \ && cp /usr/share/kvmd/configs.default/kvmd/*passwd /etc/kvmd \ && cp /testenv/main.yaml /etc/kvmd \ - && nginx -c /etc/kvmd/nginx/nginx.conf \ + && nginx -c /etc/kvmd/nginx/nginx.conf -g 'user http; error_log stderr;' \ && ln -s $(TESTENV_VIDEO) /dev/kvmd-video \ && (losetup -d /dev/kvmd-msd || true) \ && losetup /dev/kvmd-msd /root/loop.img \ @@ -76,7 +76,7 @@ run: testenv run-ipmi: testenv - docker run --rm --name kvmd-ipmi \ - --volume `pwd`/testenv/run:/run:rw \ + --volume `pwd`/testenv/run:/run/kvmd:rw \ --volume `pwd`/testenv:/testenv:ro \ --volume `pwd`/kvmd:/kvmd:ro \ --volume `pwd`/configs:/usr/share/kvmd/configs.default:ro \ @@ -65,6 +65,7 @@ package_kvmd() { mkdir -p "$pkgdir/usr/lib/systemd/system" cp configs/os/systemd/*.service "$pkgdir/usr/lib/systemd/system" + cp configs/os/tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/kvmd.conf" mkdir -p "$pkgdir/usr/share/kvmd" cp -r web "$pkgdir/usr/share/kvmd" @@ -78,7 +79,7 @@ package_kvmd() { find "$pkgdir" -name ".gitignore" -delete sed -i -e "s/^#PROD//g" "$_cfgdir/nginx/nginx.conf" find "$_cfgdir" -type f -exec chmod 444 '{}' \; - chmod 440 "$_cfgdir/kvmd"/*passwd + chmod 400 "$_cfgdir/kvmd"/*passwd mkdir -p "$pkgdir/etc/kvmd/nginx/ssl" chmod 750 "$pkgdir/etc/kvmd/nginx/ssl" 
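Review bot: The added `cp configs/os/tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/kvmd.conf"` in the first PKGBUILD hunk has no matching `mkdir -p` for its target directory; the only directory this hunk creates is `$pkgdir/usr/lib/systemd/system`. Unless `tmpfiles.d` is created earlier in `package_kvmd` (the function starts and ends outside the hunk), the copy fails and the package ships without `/run/kvmd`, which every socket and the nginx pid file now depend on. Adding `mkdir -p "$pkgdir/usr/lib/tmpfiles.d"` directly before the `cp` would make the step self-contained.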
@@ -87,7 +88,8 @@ package_kvmd() { done rm "$pkgdir/etc/kvmd"/{auth.yaml,meta.yaml} cp "$_cfgdir/kvmd"/{auth.yaml,meta.yaml} "$pkgdir/etc/kvmd" - cp -a "$_cfgdir/kvmd/"*passwd "$pkgdir/etc/kvmd" + cp "$_cfgdir/kvmd/"*passwd "$pkgdir/etc/kvmd" + chmod 600 "$_cfgdir/kvmd/"*passwd for path in "$_cfgdir/nginx"/*.conf; do ln -sf "/usr/share/kvmd/configs.default/nginx/`basename $path`" "$pkgdir/etc/kvmd/nginx" done diff --git a/configs/kvmd/main/v1-hdmi.yaml b/configs/kvmd/main/v1-hdmi.yaml index 64dfbffb..f3403eca 100644 --- a/configs/kvmd/main/v1-hdmi.yaml +++ b/configs/kvmd/main/v1-hdmi.yaml @@ -5,7 +5,7 @@ logging: !include logging.yaml kvmd: server: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock unix_rm: true unix_mode: 0660 @@ -27,7 +27,7 @@ kvmd: device: /dev/kvmd-msd streamer: - unix: /run/ustreamer.sock + unix: /run/kvmd/ustreamer.sock cmd: - "/usr/bin/ustreamer" - "--device=/dev/kvmd-video" @@ -45,4 +45,4 @@ kvmd: ipmi: kvmd: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock diff --git a/configs/kvmd/main/v1-vga.yaml b/configs/kvmd/main/v1-vga.yaml index 0ace92e0..80e82bb9 100644 --- a/configs/kvmd/main/v1-vga.yaml +++ b/configs/kvmd/main/v1-vga.yaml @@ -5,7 +5,7 @@ logging: !include logging.yaml kvmd: server: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock unix_rm: true unix_mode: 0660 @@ -30,7 +30,7 @@ kvmd: cap_pin: 17 conv_pin: 18 init_restart_after: 1 - unix: /run/ustreamer.sock + unix: /run/kvmd/ustreamer.sock cmd: - "/usr/bin/ustreamer" - "--device=/dev/kvmd-video" @@ -49,4 +49,4 @@ kvmd: ipmi: kvmd: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index 7246f1e3..9984d686 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -1,4 +1,3 @@ -user kvmd-nginx; worker_processes 4; # error_log /tmp/kvmd-nginx.error.log; 
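Review bot: The added `chmod 600 "$_cfgdir/kvmd/"*passwd` acts on the defaults directory, not on the copies just written to `$pkgdir/etc/kvmd`, and it overrides the `chmod 400 "$_cfgdir/kvmd"/*passwd` that the previous hunk sets on the same files. Since `cp` no longer uses `-a`, the packaged `/etc/kvmd/*passwd` files get whatever mode `cp` derives from the source mode and the build umask, and only `post_upgrade` in kvmd.install corrects them later. If the intent was to fix the mode of the packaged credential files, the line should probably read `chmod 600 "$pkgdir/etc/kvmd/"*passwd`; otherwise one of the two `chmod` calls on `$_cfgdir` is redundant. `package_kvmd` starts and ends outside the hunk.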
@@ -35,11 +34,11 @@ http { uwsgi_temp_path /tmp/kvmd-nginx.uwsgi_temp; upstream kvmd { - server unix:/run/kvmd.sock fail_timeout=0s max_fails=0; + server unix:/run/kvmd/kvmd.sock fail_timeout=0s max_fails=0; } upstream ustreamer { - server unix:/run/ustreamer.sock fail_timeout=0s max_fails=0; + server unix:/run/kvmd/ustreamer.sock fail_timeout=0s max_fails=0; } include /usr/share/kvmd/extras/*/nginx.ctx-http.conf; diff --git a/configs/os/systemd/kvmd-ipmi.service b/configs/os/systemd/kvmd-ipmi.service index ee28f923..bdbbdfc8 100644 --- a/configs/os/systemd/kvmd-ipmi.service +++ b/configs/os/systemd/kvmd-ipmi.service @@ -1,10 +1,10 @@ [Unit] -Description=IPMI to KVMD proxy +Description=Pi-KVM - IPMI to KVMD proxy After=kvmd.service [Service] -User=kvmd -Group=kvmd +User=kvmd-ipmi +Group=kvmd-ipmi Type=simple Restart=always RestartSec=3 diff --git a/configs/os/systemd/kvmd-nginx.service b/configs/os/systemd/kvmd-nginx.service index 6b318598..6da9fc1d 100644 --- a/configs/os/systemd/kvmd-nginx.service +++ b/configs/os/systemd/kvmd-nginx.service @@ -1,14 +1,14 @@ [Unit] -Description=Nginx instance for KVMD +Description=Pi-KVM - HTTP entrypoint After=network.target network-online.target nss-lookup.target kvmd.service [Service] Type=forking -PIDFile=/run/kvmd-nginx.pid +PIDFile=/run/kvmd/nginx.pid PrivateDevices=yes SyslogLevel=err -ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd-nginx.pid; error_log stderr;' +ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;' ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf KillSignal=SIGQUIT KillMode=mixed diff --git a/configs/os/systemd/kvmd-tc358743.service b/configs/os/systemd/kvmd-tc358743.service index 44d26d1a..cb11d391 100644 --- a/configs/os/systemd/kvmd-tc358743.service +++ b/configs/os/systemd/kvmd-tc358743.service 
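Review bot: In kvmd-nginx.service the `pid` and `user` directives now exist only in the `-g` string of `ExecStart`, while the unchanged `ExecReload` line invokes nginx without them. As far as I can tell `nginx -s reload` then looks for the pid file at the compiled-in default path rather than `/run/kvmd/nginx.pid`, and any other invocation with this `nginx.conf` starts workers under the compiled-in default user instead of `kvmd-nginx`. Either pass the same `-g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'` to `ExecReload`, or signal the master directly with `ExecReload=/bin/kill -HUP $MAINPID`. A short comment in `nginx.conf` saying that `user` and `pid` are supplied on the command line would help anyone running the config by hand.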
@@ -1,5 +1,5 @@ [Unit] -Description=Loads EDID data to TC358743 +Description=Pi-KVM - EDID loader for TC358743 After=systemd-modules-load.service Before=kvmd.service diff --git a/configs/os/systemd/kvmd.service b/configs/os/systemd/kvmd.service index eaab01aa..d161b95e 100644 --- a/configs/os/systemd/kvmd.service +++ b/configs/os/systemd/kvmd.service @@ -1,5 +1,5 @@ [Unit] -Description=The main Pi-KVM daemon +Description=Pi-KVM - The main daemon After=network.target network-online.target nss-lookup.target [Service] diff --git a/configs/os/tmpfiles.conf b/configs/os/tmpfiles.conf new file mode 100644 index 00000000..8e1734d2 --- /dev/null +++ b/configs/os/tmpfiles.conf @@ -0,0 +1 @@ +D /run/kvmd 0775 kvmd kvmd - diff --git a/kvmd.install b/kvmd.install index 3e504d48..42e9645d 100644 --- a/kvmd.install +++ b/kvmd.install 
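Review bot: `D /run/kvmd 0775 kvmd kvmd -` makes the runtime directory group-writable and world-searchable, and the same commit adds `kvmd-nginx` and `kvmd-ipmi` to group `kvmd`. Any of those accounts can therefore create, rename or remove entries there, including `kvmd.sock`, `ustreamer.sock` and the `nginx.pid` that the root-started nginx master writes, which weakens the separation the new per-service users are meant to provide. From the visible configs the group members only need to traverse the directory to reach the `0660` sockets, so `D /run/kvmd 0750 kvmd kvmd -` looks sufficient; confirm that nothing outside the group needs the sockets. It is also worth considering whether the pid file of a root-started process should stay in a root-owned directory, as it did under `/run` before.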
@@ -8,19 +8,36 @@ post_install() { post_upgrade() { echo "==> Configuring KVMD users and groups ..." - id kvmd &>/dev/null || useradd -r -c "The main Pi-KVM daemon" -s /sbin/nologin kvmd - for group in gpio uucp systemd-journal; do - (groupmems -l -g "$group" | grep kvmd >/dev/null) || groupmems -g "$group" -a kvmd - done + _create_user kvmd "Pi-KVM - The main daemon" + _add_user_to_group kvmd gpio + _add_user_to_group kvmd uucp + _add_user_to_group kvmd systemd-journal - id kvmd-nginx &>/dev/null || useradd -r -c "Pi-KVM Nginx Server" -s /sbin/nologin kvmd-nginx - (groupmems -l -g kvmd | grep kvmd-nginx >/dev/null) || groupmems -g kvmd -a kvmd-nginx + _create_user kvmd-ipmi "Pi-KVM - IPMI to KVMD proxy" + _add_user_to_group kvmd-ipmi kvmd - chown root:kvmd \ - /usr/share/kvmd/configs.default/kvmd/*passwd \ - /etc/kvmd/*passwd + _create_user kvmd-nginx "Pi-KVM - HTTP entrypoint" + _add_user_to_group kvmd-nginx kvmd + + chown kvmd:kvmd /etc/kvmd/htpasswd + chown kvmd-ipmi:kvmd-ipmi /etc/kvmd/ipmipasswd + chmod 600 /etc/kvmd/*passwd } post_remove() { - userdel kvmd &>/dev/null + _delete_user kvmd-nginx + _delete_user kvmd-ipmi + _delete_user kvmd +} + +_create_user() { + id "$1" &>/dev/null || useradd -r -c "$2" -s /sbin/nologin "$1" +} + +_delete_user() { + userdel "$1" &>/dev/null +} + +_add_user_to_group() { + (groupmems -l -g "$2" | grep "$1" >/dev/null) || groupmems -g "$2" -a "$1" } diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert index 5def7926..43e89e08 100755 --- a/scripts/kvmd-gencert +++ b/scripts/kvmd-gencert @@ -34,8 +34,8 @@ cd /etc/kvmd/nginx/ssl openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" -chown -R root:http /etc/kvmd/nginx/ssl +chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl chmod 400 server.key chmod 444 server.crt chmod 750 /etc/kvmd/nginx/ssl diff --git a/testenv/Dockerfile b/testenv/Dockerfile index 99dd8992..41bdf976 100644 
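Review bot: `_add_user_to_group` in kvmd.install checks membership with `grep "$1"`, an unanchored match, so `_add_user_to_group kvmd <group>` is treated as already done whenever `kvmd-nginx` or `kvmd-ipmi` is a member of that group, and the add is silently skipped. With three accounts now sharing the `kvmd` prefix the check should compare whole names, for example `(groupmems -l -g "$2" | tr ' ' '\n' | grep -Fxq "$1") || groupmems -g "$2" -a "$1"`. A one-line comment on the helper stating the argument order (user first, then group) would also help, since it is the reverse of `groupmems -g GROUP -a USER`.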
--- a/testenv/Dockerfile +++ b/testenv/Dockerfile @@ -37,7 +37,6 @@ RUN pkg-install \ COPY testenv/requirements.txt requirements.txt RUN pip install -r requirements.txt -RUN useradd -r -c "Pi-KVM Nginx Server" -s /sbin/nologin kvmd-nginx RUN mkdir -p /etc/kvmd/nginx CMD /bin/bash diff --git a/testenv/main.yaml b/testenv/main.yaml index 5647d62e..d562ce45 100644 --- a/testenv/main.yaml +++ b/testenv/main.yaml @@ -1,6 +1,6 @@ kvmd: server: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock unix_rm: true unix_mode: 0666 @@ -26,7 +26,7 @@ kvmd: cap_pin: 17 conv_pin: 18 init_restart_after: 1 - unix: /run/ustreamer.sock + unix: /run/kvmd/ustreamer.sock cmd: - "/usr/bin/ustreamer" - "--device=/dev/kvmd-video" @@ -40,6 +40,6 @@ kvmd: ipmi: kvmd: - unix: /run/kvmd.sock + unix: /run/kvmd/kvmd.sock logging: !include logging.yaml |