Add install scripts
This commit is contained in:
155
install-linux.sh
Executable file
155
install-linux.sh
Executable file
@@ -0,0 +1,155 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
SERVICE_NAME="luxtools-client"
|
||||
INSTALL_DIR="${HOME}/.local/share/${SERVICE_NAME}"
|
||||
BIN_PATH="${INSTALL_DIR}/${SERVICE_NAME}"
|
||||
CONFIG_DIR="${HOME}/.config/${SERVICE_NAME}"
|
||||
ENV_FILE="${CONFIG_DIR}/${SERVICE_NAME}.env"
|
||||
UNIT_DIR="${HOME}/.config/systemd/user"
|
||||
UNIT_FILE="${UNIT_DIR}/${SERVICE_NAME}.service"
|
||||
|
||||
DEFAULT_LISTEN="127.0.0.1:8765"
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $0 [--listen host:port] [--allow <path>]...
|
||||
|
||||
Installs/updates ${SERVICE_NAME} as a systemd *user* service (runs under your current user).
|
||||
- Re-running updates the installed binary and restarts the service.
|
||||
- A stable token is stored in ${ENV_FILE} (created on first install).
|
||||
|
||||
Options:
|
||||
--listen host:port Listen address (default: ${DEFAULT_LISTEN})
|
||||
--allow PATH Allowed path prefix (repeatable). If none, any path is allowed.
|
||||
EOF
|
||||
}
|
||||
|
||||
if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
|
||||
usage
|
||||
exit 0
|
||||
fi
|
||||
|
||||
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
||||
SRC_BIN="${SCRIPT_DIR}/${SERVICE_NAME}"
|
||||
if [[ ! -f "$SRC_BIN" ]]; then
|
||||
echo "Missing binary next to script: ${SRC_BIN}" >&2
|
||||
echo "Build it first (e.g. 'go build -o ${SERVICE_NAME} .') and re-run." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LISTEN="${DEFAULT_LISTEN}"
|
||||
ALLOW_ARGS=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--listen)
|
||||
LISTEN="${2:-}"
|
||||
shift 2
|
||||
;;
|
||||
--allow)
|
||||
p="${2:-}"
|
||||
if [[ -n "$p" ]]; then
|
||||
# Note: this is inserted into a shell command in the systemd unit; we escape quotes.
|
||||
p_escaped=${p//\"/\\\"}
|
||||
ALLOW_ARGS+=" -allow \"${p_escaped}\""
|
||||
fi
|
||||
shift 2
|
||||
;;
|
||||
*)
|
||||
echo "Unknown arg: $1" >&2
|
||||
usage
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
mkdir -p "$INSTALL_DIR" "$CONFIG_DIR" "$UNIT_DIR"
|
||||
|
||||
# Copy a fresh binary into a temp location, then atomically replace.
|
||||
TMP_BIN="$(mktemp -p /tmp ${SERVICE_NAME}.XXXXXX)"
|
||||
trap 'rm -f "$TMP_BIN"' EXIT
|
||||
|
||||
cp "$SRC_BIN" "$TMP_BIN"
|
||||
chmod 0755 "$TMP_BIN" || true
|
||||
|
||||
if [[ -f "$ENV_FILE" ]]; then
|
||||
# Preserve existing config (especially TOKEN).
|
||||
# shellcheck disable=SC1090
|
||||
source "$ENV_FILE" || true
|
||||
fi
|
||||
|
||||
CURRENT_TOKEN="${TOKEN:-}"
|
||||
SUGGESTED_TOKEN=""
|
||||
if [[ -z "${CURRENT_TOKEN}" ]]; then
|
||||
if command -v openssl >/dev/null 2>&1; then
|
||||
SUGGESTED_TOKEN="$(openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n\r')"
|
||||
else
|
||||
SUGGESTED_TOKEN="$(head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n\r')"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo
|
||||
if [[ -n "${CURRENT_TOKEN}" ]]; then
|
||||
echo "A token is already configured. Press Enter to keep it, or paste a new one."
|
||||
else
|
||||
echo "No token configured yet. Press Enter to use a generated token, or paste your own."
|
||||
fi
|
||||
read -r -s -p "Token: " TOKEN_INPUT
|
||||
echo
|
||||
|
||||
if [[ -n "${TOKEN_INPUT}" ]]; then
|
||||
TOKEN="${TOKEN_INPUT}"
|
||||
elif [[ -n "${CURRENT_TOKEN}" ]]; then
|
||||
TOKEN="${CURRENT_TOKEN}"
|
||||
else
|
||||
TOKEN="${SUGGESTED_TOKEN}"
|
||||
fi
|
||||
|
||||
cat >"$ENV_FILE" <<EOF
|
||||
# ${SERVICE_NAME} environment
|
||||
# Keep this file to preserve your shared token across updates.
|
||||
LISTEN="${LISTEN}"
|
||||
TOKEN="${TOKEN}"
|
||||
ALLOW_ARGS="${ALLOW_ARGS}"
|
||||
EOF
|
||||
chmod 0640 "$ENV_FILE"
|
||||
|
||||
# Best-effort tighten config perms for single-user token storage.
|
||||
chmod 0600 "$ENV_FILE" || true
|
||||
|
||||
install -m 0755 -D "$TMP_BIN" "$BIN_PATH"
|
||||
|
||||
cat >"$UNIT_FILE" <<'EOF'
|
||||
[Unit]
|
||||
Description=luxtools-client (local folder opener helper)
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile=%h/.config/luxtools-client/luxtools-client.env
|
||||
ExecStart=/bin/sh -lc '%h/.local/share/luxtools-client/luxtools-client -listen "$LISTEN" -token "$TOKEN" $ALLOW_ARGS'
|
||||
Restart=on-failure
|
||||
RestartSec=1
|
||||
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
EOF
|
||||
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable "$SERVICE_NAME" >/dev/null
|
||||
systemctl --user restart "$SERVICE_NAME"
|
||||
|
||||
echo
|
||||
echo "Installed/updated ${SERVICE_NAME}."
|
||||
echo "- Binary: ${BIN_PATH}"
|
||||
echo "- Unit: ${UNIT_FILE}"
|
||||
echo "- Config: ${ENV_FILE}"
|
||||
echo "Token (set this in the plugin config): ${TOKEN}"
|
||||
|
||||
echo
|
||||
echo "View logs with: journalctl --user -u ${SERVICE_NAME} -f"
|
||||
echo "If you want it to start at boot without logging in, enable lingering:"
|
||||
echo " loginctl enable-linger $(whoami)"
|
||||
Reference in New Issue
Block a user