156 lines
4.0 KiB
Bash
Executable File
156 lines
4.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
SERVICE_NAME="luxtools-client"
|
|
INSTALL_DIR="${HOME}/.local/share/${SERVICE_NAME}"
|
|
BIN_PATH="${INSTALL_DIR}/${SERVICE_NAME}"
|
|
CONFIG_DIR="${HOME}/.config/${SERVICE_NAME}"
|
|
ENV_FILE="${CONFIG_DIR}/${SERVICE_NAME}.env"
|
|
UNIT_DIR="${HOME}/.config/systemd/user"
|
|
UNIT_FILE="${UNIT_DIR}/${SERVICE_NAME}.service"
|
|
|
|
DEFAULT_LISTEN="127.0.0.1:8765"
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: $0 [--listen host:port] [--allow <path>]...
|
|
|
|
Installs/updates ${SERVICE_NAME} as a systemd *user* service (runs under your current user).
|
|
- Re-running updates the installed binary and restarts the service.
|
|
- A stable token is stored in ${ENV_FILE} (created on first install).
|
|
|
|
Options:
|
|
--listen host:port Listen address (default: ${DEFAULT_LISTEN})
|
|
--allow PATH Allowed path prefix (repeatable). If none, any path is allowed.
|
|
EOF
|
|
}
|
|
|
|
if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
|
|
usage
|
|
exit 0
|
|
fi
|
|
|
|
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
|
SRC_BIN="${SCRIPT_DIR}/${SERVICE_NAME}"
|
|
if [[ ! -f "$SRC_BIN" ]]; then
|
|
echo "Missing binary next to script: ${SRC_BIN}" >&2
|
|
echo "Build it first (e.g. 'go build -o ${SERVICE_NAME} .') and re-run." >&2
|
|
exit 1
|
|
fi
|
|
|
|
LISTEN="${DEFAULT_LISTEN}"
|
|
ALLOW_ARGS=""
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case "$1" in
|
|
--listen)
|
|
LISTEN="${2:-}"
|
|
shift 2
|
|
;;
|
|
--allow)
|
|
p="${2:-}"
|
|
if [[ -n "$p" ]]; then
|
|
# Note: this is inserted into a shell command in the systemd unit; we escape quotes.
|
|
p_escaped=${p//\"/\\\"}
|
|
ALLOW_ARGS+=" -allow \"${p_escaped}\""
|
|
fi
|
|
shift 2
|
|
;;
|
|
*)
|
|
echo "Unknown arg: $1" >&2
|
|
usage
|
|
exit 2
|
|
;;
|
|
esac
|
|
done
|
|
|
|
mkdir -p "$INSTALL_DIR" "$CONFIG_DIR" "$UNIT_DIR"
|
|
|
|
# Copy a fresh binary into a temp location, then atomically replace.
|
|
TMP_BIN="$(mktemp -p /tmp ${SERVICE_NAME}.XXXXXX)"
|
|
trap 'rm -f "$TMP_BIN"' EXIT
|
|
|
|
cp "$SRC_BIN" "$TMP_BIN"
|
|
chmod 0755 "$TMP_BIN" || true
|
|
|
|
if [[ -f "$ENV_FILE" ]]; then
|
|
# Preserve existing config (especially TOKEN).
|
|
# shellcheck disable=SC1090
|
|
source "$ENV_FILE" || true
|
|
fi
|
|
|
|
CURRENT_TOKEN="${TOKEN:-}"
|
|
SUGGESTED_TOKEN=""
|
|
if [[ -z "${CURRENT_TOKEN}" ]]; then
|
|
if command -v openssl >/dev/null 2>&1; then
|
|
SUGGESTED_TOKEN="$(openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n\r')"
|
|
else
|
|
SUGGESTED_TOKEN="$(head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n\r')"
|
|
fi
|
|
fi
|
|
|
|
echo
|
|
if [[ -n "${CURRENT_TOKEN}" ]]; then
|
|
echo "A token is already configured. Press Enter to keep it, or paste a new one."
|
|
else
|
|
echo "No token configured yet. Press Enter to use a generated token, or paste your own."
|
|
fi
|
|
read -r -s -p "Token: " TOKEN_INPUT
|
|
echo
|
|
|
|
if [[ -n "${TOKEN_INPUT}" ]]; then
|
|
TOKEN="${TOKEN_INPUT}"
|
|
elif [[ -n "${CURRENT_TOKEN}" ]]; then
|
|
TOKEN="${CURRENT_TOKEN}"
|
|
else
|
|
TOKEN="${SUGGESTED_TOKEN}"
|
|
fi
|
|
|
|
cat >"$ENV_FILE" <<EOF
|
|
# ${SERVICE_NAME} environment
|
|
# Keep this file to preserve your shared token across updates.
|
|
LISTEN="${LISTEN}"
|
|
TOKEN="${TOKEN}"
|
|
ALLOW_ARGS="${ALLOW_ARGS}"
|
|
EOF
|
|
chmod 0640 "$ENV_FILE"
|
|
|
|
# Best-effort tighten config perms for single-user token storage.
|
|
chmod 0600 "$ENV_FILE" || true
|
|
|
|
install -m 0755 -D "$TMP_BIN" "$BIN_PATH"
|
|
|
|
cat >"$UNIT_FILE" <<'EOF'
|
|
[Unit]
|
|
Description=luxtools-client (local folder opener helper)
|
|
|
|
[Service]
|
|
Type=simple
|
|
EnvironmentFile=%h/.config/luxtools-client/luxtools-client.env
|
|
ExecStart=/bin/sh -lc '%h/.local/share/luxtools-client/luxtools-client -listen "$LISTEN" -token "$TOKEN" $ALLOW_ARGS'
|
|
Restart=on-failure
|
|
RestartSec=1
|
|
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=default.target
|
|
EOF
|
|
|
|
systemctl --user daemon-reload
|
|
systemctl --user enable "$SERVICE_NAME" >/dev/null
|
|
systemctl --user restart "$SERVICE_NAME"
|
|
|
|
echo
|
|
echo "Installed/updated ${SERVICE_NAME}."
|
|
echo "- Binary: ${BIN_PATH}"
|
|
echo "- Unit: ${UNIT_FILE}"
|
|
echo "- Config: ${ENV_FILE}"
|
|
echo "Token (set this in the plugin config): ${TOKEN}"
|
|
|
|
echo
|
|
echo "View logs with: journalctl --user -u ${SERVICE_NAME} -f"
|
|
echo "If you want it to start at boot without logging in, enable lingering:"
|
|
echo " loginctl enable-linger $(whoami)"
|