Merge pull request #1596 from atsign-foundation/cpswan-upgrade-scripts

feat: Use override.conf files for systemd unit config

packages/dart/sshnoports/bundles/shell/install.sh

@@ -202,7 +202,10 @@ install_all_binaries() {
 # SYSTEMD #
 
 post_systemd_message() {
-  echo "Systemd unit installed, make sure to configure the unit by editing $dest"
+  echo "Systemd unit installed, make sure to configure the unit by editing"
+  echo "the override.conf using:"
+  echo "  sudo systemctl edit $unit_name"
+  echo ""
   echo "Learn more in $script_dir/systemd/README.md"
   echo ""
   echo "To enable the service on next boot:"
@@ -214,10 +217,52 @@ post_systemd_message() {
 
 install_systemd_unit() {
   unit_name="$1"
+  systemd_unit="$systemd_dir/$unit_name"
+  systemd_config="$systemd_unit.d/override.conf"
   no_mac
-  mkdir -p "$systemd_dir"
-  dest="$systemd_dir/$unit_name"
-  cp "$script_dir/systemd/$unit_name" "$dest"
+  if [ -f "$systemd_unit" ]; then
+    # migrate old config from systemd unit file to override.conf
+    mkdir -p "$systemd_unit.d"
+    touch "$systemd_config"
+    if [ ! -s "$systemd_config" ]; then
+      echo "[Service]" >> "$systemd_config"
+    fi
+    temp_file="$systemd_unit.tmp"
+    while IFS= read -r line; do
+      case "$line" in
+        Environment=*)
+            # Comment out the line in the original file
+            echo "# config migrated to $systemd_config" >> "$temp_file"
+            echo "# $line" >> "$temp_file"
+            # Extract the environment variable and write it to the override file
+            echo "# config migrated from $systemd_unit" >> "$systemd_config"
+            echo "$line" >> "$systemd_config"
+            ;;
+        User=*)
+            # Comment out the line in the original file
+            echo "# config migrated to $systemd_config" >> "$temp_file"
+            echo "# $line" >> "$temp_file"
+            # Extract the user variable and write it to the override file
+            echo "# config migrated from $systemd_unit" >> "$systemd_config"
+            echo "$line" >> "$systemd_config"
+            ;;
+        *)
+            echo "$line" >> "$temp_file"
+            ;;
+        esac
+    done < "$systemd_unit"
+    # Overwrite the original file with the modified content
+    mv "$temp_file" "$systemd_unit"
+    echo "sshnpd configuration migrated to override.conf"
+  else
+    cp "$script_dir/systemd/$unit_name" "$systemd_unit"
+  fi
+  if [ -f "$systemd_config" ]; then
+    echo "systemd config already in place"
+  else
+    cp "$script_dir/systemd/$unit_name.d/override.conf" "$systemd_config"
+  fi
+  systemctl daemon-reload
   post_systemd_message
 }
 
@@ -268,7 +313,11 @@ install_launchd_unit() {
   mac_only
   mkdir -p "$launchd_dir"
   dest="$launchd_dir/$unit_name"
-  cp "$script_dir/launchd/$unit_name" "$dest"
+  if [ -f "$dest" ]; then
+    echo "launchd config already in place"
+  else
+    cp "$script_dir/launchd/$unit_name" "$dest"
+  fi
   post_launchd_message
 }
 

packages/dart/sshnoports/bundles/shell/systemd/README.md

@@ -1,78 +1,91 @@
-# Systemd Units
-
-This directory contains systemd unit definitions for running various components
-of the SSH No Ports suite.
-
-## sshnpd
-
-### Installation
-
-The `sshnpd.service` file should be placed in `/etc/systemd/system` (as root).
-
-Modify the `sshnpd.service` unit to use the appropriate host and client atSigns,
-(The boilerplate uses @device_atsign @manager_atsign) as well as the devicename.
-Also change the username and make sure that username running sshnpd has the
-.atkeys file in place at '~/.atsign/keys'.
-
-Run the following command to view full usage information of the sshnpd binary:
-```sh
-/usr/local/bin/sshnpd
-```
-
-### Usage
-
-To enable the service:
-
-```sh
-sudo systemctl enable sshnpd.service
-```
-
-The services will then start at the next reboot, or can be started immediately
-with:
-
-```sh
-sudo systemctl start sshnpd.service
-```
-
-To view the realtime logs, use journalctl:
-
-```sh
-sudo journalctl -u sshnpd.service
-```
-
-## srvd
-
-### Installation
-
-The `srvd.service` file should be placed in `/etc/systemd/system` (as root).
-
-Modify the `srvd.service` unit to use the appropriate atSign,
-(The boilerplate uses @atsign) as well as the internet address.
-Also change the username and make sure that username running srvd has the
-.atkeys file in place at '~/.atsign/keys'.
-
-Run the following command to view full usage information of the srvd binary:
-```sh
-/usr/local/bin/srvd
-```
-
-### Usage
-
-To enable the service use:
-
-```sh
-sudo systemctl enable srvd.service
-```
-
-The services will then start at the next reboot, or can be started immediately
-with:
-
-```sh
-sudo systemctl start srvd.service
-```
-
-To view the realtime logs, use journalctl:
-
-```sh
-sudo journalctl -u srvd.service
-```
+# Systemd Units
+
+This directory contains systemd unit definitions for running various
+components of the NoPorts suite.
+
+## sshnpd
+
+### Installation
+
+The `sshnpd.service` file should be placed in `/etc/systemd/system` (as root).
+
+The `sshnpd.service` unit `override.conf` can be modified by running:
+
+```sh
+sudo systemctl edit sshnpd
+```
+
+It should be edited to use the appropriate host and client atSigns, (The
+boilerplate uses @device_atsign @manager_atsign) as well as the devicename.
+Also change the username and make sure that username running sshnpd has the
+.atkeys file in place at '~/.atsign/keys'.
+
+Run the following command to view full usage information of the sshnpd binary:
+```sh
+/usr/local/bin/sshnpd
+```
+
+### Usage
+
+To enable the service:
+
+```sh
+sudo systemctl enable sshnpd
+```
+
+The services will then start at the next reboot, or can be started immediately
+with:
+
+```sh
+sudo systemctl start sshnpd
+```
+
+To view the realtime logs, use journalctl:
+
+```sh
+journalctl -u sshnpd -f
+```
+
+## srvd
+
+### Installation
+
+The `srvd.service` file should be placed in `/etc/systemd/system` (as root).
+
+The `srvd.service` unit `override.conf` can be modified by running:
+
+```sh
+sudo systemctl edit ssrvd
+```
+
+It should be edited to use the appropriate atSign,
+(The boilerplate uses @atsign) as well as the internet address.
+Also change the username and make sure that username running srvd has the
+.atkeys file in place at '~/.atsign/keys'.
+
+Run the following command to view full usage information of the srvd binary:
+
+```sh
+/usr/local/bin/srvd
+```
+
+### Usage
+
+To enable the service use:
+
+```sh
+sudo systemctl enable srvd
+```
+
+The services will then start at the next reboot, or can be started immediately
+with:
+
+```sh
+sudo systemctl start srvd
+```
+
+To view the realtime logs, use journalctl:
+
+```sh
+journalctl -u srvd -f
+```

packages/dart/sshnoports/bundles/shell/systemd/srvd.service

@@ -10,21 +10,6 @@ Type=simple
 Restart=always
 RestartSec=3
 
-# Configuration of srvd service
-# This unit script is a template for the srvd background service.
-# You can configure the service by editing the variables below.
-# This service file covers the common configuration options for srvd.
-# To see all available options, run `srvd` with no arguments.
-
-# MANDATORY: User to run the daemon as
-User=<username>
-
-# MANDATORY: Srvd atSign
-Environment=atsign="@my_rvd"
-
-# MANDATORY: Public FQDN or IP address of the machine running the srvd
-Environment=internet_address=""
-
 # The line below runs the srvd service, with the options set above.
 # You can edit this line to further customize the service to your needs.
-ExecStart=/usr/local/bin/srvd -a "$atsign" -i "$internet_address"
+ExecStart=/usr/local/bin/srvd -a "$atsign" -i "$internet_address" "$additional_args"

packages/dart/sshnoports/bundles/shell/systemd/srvd.service.d/override.conf

@@ -0,0 +1,19 @@
+# Configuration of srvd service
+# This override configuration is a template for the srvd service.
+# You can configure the service by editing the variables below.
+# This ovverride config covers the common configuration options for srvd.
+# To see all available options, run `srvd` with no arguments.
+
+[Service]
+
+# MANDATORY: User to run the daemon as
+User=<username>
+
+# MANDATORY: Srvd atSign
+Environment=atsign="@my_rvd"
+
+# MANDATORY: Public FQDN or IP address of the machine running the srvd
+Environment=internet_address=""
+
+# Any additional command line arguments for srvd
+Environment=additional_args=""

packages/dart/sshnoports/bundles/shell/systemd/sshnpd.service

@@ -2,12 +2,6 @@
 Description=Ssh No Ports Daemon
 After=network-online.target
 
-# Uncomment the following line to make this unit fail if sshd isn't started first
-; Requisite=sshd.service
-
-# Uncomment the following line to make this unit auto-start sshd if it isn't started
-; Requires=sshd.service
-
 [Install]
 WantedBy=multi-user.target
 
@@ -16,36 +10,7 @@ Type=simple
 Restart=always
 RestartSec=3
 
-# Configuration of sshnpd service
-# This unit script is a template for the sshnpd background service.
-# You can configure the service by editing the variables below.
-# This service file covers the common configuration options for sshnpd.
-# To see all available options, run `sshnpd` with no arguments.
-
-# MANDATORY: User to run the daemon as
-User=<username>
-
-# MANDATORY: Manager/client address (atSign)
-Environment=manager_atsign="@example_client"
-
-# MANDATORY: Device address (atSign)
-Environment=device_atsign="@example_device"
-
-# OPTIONAL: Delegated access policy management
-Environment=delegate_policy=""
-
-# Device name
-Environment=device_name="default"
-
-# Comment if you don't want the daemon to update authorized_keys to include public keys sent by authorized manager atSigns
-Environment=s="-s"
-
-# Comment if you don't want the daemon to share various information with the manager atsign - e.g. username, version, etc - without the manager atSign needing to know this daemon's device name
-Environment=u="-u"
-
-# Comment to disable verbose logging
-Environment=v="-v"
-
-# The line below runs the sshnpd service, with the options set above.
-# You can edit this line to further customize the service to your needs.
-ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$delegate_policy" "$s" "$u" "$v"
+# The line below runs the sshnpd service, with the options set in
+# /etc/systemd/system/sshnpd.d/override.conf.
+# You can edit that config with: sudo systemctl edit sshnpd
+ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$delegate_policy" "$s" "$u" "$v" "$additional_args"

packages/dart/sshnoports/bundles/shell/systemd/sshnpd.service.d/override.conf

@@ -0,0 +1,40 @@
+# Configuration of sshnpd service
+# This override configuration is a template for the sshnpd service.
+# You can configure the service by editing the variables below.
+# This service file covers the common configuration options for sshnpd.
+# To see all available options, run `sshnpd` with no arguments.
+
+[Unit]
+
+# Uncomment the following line to make this unit fail if sshd isn't started first
+; Requisite=sshd.service
+
+# Uncomment the following line to make this unit auto-start sshd if it isn't started
+; Requires=sshd.service
+
+[Service]
+
+# MANDATORY: User to run the daemon as
+User=<username>
+
+# MANDATORY: Manager (client) or policy manager address (atSign)
+Environment=manager_atsign="@example_client"
+
+# MANDATORY: Device address (atSign)
+Environment=device_atsign="@example_device"
+
+# OPTIONAL: Delegated access policy management
+Environment=delegate_policy=""
+
+# Device name
+Environment=device_name="default"
+
+# Comment if you don't want the daemon to update authorized_keys to include
+# public keys sent by authorized manager atSigns
+Environment=s="-s"
+
+# Comment to disable verbose logging
+Environment=v="-v"
+
+# Any additional command line arguments for sshnpd
+Environment=additional_args=""