othman.suseno/atlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified installer script
Some checks failed
CI / test-build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
othman hendy suseno
2025-12-21 12:52:32 +00:00
parent b1a47685f9
commit ad83ae84e4
1 changed files with 30 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
installer/install.sh
View File

@@ -485,32 +485,20 @@ install_dependencies() {
echo "" echo ""
} }
# Create system user # Create system user (optional - service runs as root)
create_user() { create_user() {
echo -e "${GREEN}Creating system user...${NC}" echo -e "${GREEN}Note: Service will run as root (no user needed)${NC}"
# User creation is optional now since service runs as root
# But we still create it for file ownership purposes if needed
if ! id "$SERVICE_USER" &>/dev/null; then if ! id "$SERVICE_USER" &>/dev/null; then
useradd -r -s /bin/false -d "$DATA_DIR" "$SERVICE_USER" useradd -r -s /bin/false -d "$DATA_DIR" "$SERVICE_USER" 2>/dev/null || {
echo -e "${GREEN}User $SERVICE_USER created${NC}" echo -e "${YELLOW}User creation skipped (service runs as root)${NC}"
else }
echo -e "${YELLOW}User $SERVICE_USER already exists${NC}"
fi fi
# Add user to disk group for block device access (required for ZFS) # No sudoers configuration needed - service runs as root
if getent group disk > /dev/null 2>&1; then echo -e "${GREEN}No sudo configuration needed (service runs as root)${NC}"
usermod -a -G disk "$SERVICE_USER"
echo -e "${GREEN}Added $SERVICE_USER to disk group${NC}"
fi
# Create sudoers configuration for ZFS commands
echo -e "${GREEN}Configuring sudo for ZFS operations...${NC}"
cat > /etc/sudoers.d/atlas-zfs <<EOF
# Allow atlas user to run ZFS commands without password
# This is required for ZFS pool operations
$SERVICE_USER ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/bin/zpool, /sbin/zpool, /usr/sbin/zfs, /usr/bin/zfs, /sbin/zfs
EOF
chmod 440 /etc/sudoers.d/atlas-zfs
echo -e "${GREEN}Sudo configuration created${NC}"
} }
# Create directories # Create directories
@@ -529,12 +517,15 @@ create_directories() {
mkdir -p "/storage/datasets" mkdir -p "/storage/datasets"
mkdir -p "/storage/shares" mkdir -p "/storage/shares"
# Set ownership # Set ownership (service runs as root, but set ownership for security)
chown -R "$SERVICE_USER:$SERVICE_USER" "$DATA_DIR" # Root can access these directories, but we set ownership for consistency
chown -R "$SERVICE_USER:$SERVICE_USER" "$LOG_DIR" if id "$SERVICE_USER" &>/dev/null; then
chown -R "$SERVICE_USER:$SERVICE_USER" "$BACKUP_DIR" chown -R "$SERVICE_USER:$SERVICE_USER" "$DATA_DIR" 2>/dev/null || true
chown -R "$SERVICE_USER:$SERVICE_USER" "$CONFIG_DIR" chown -R "$SERVICE_USER:$SERVICE_USER" "$LOG_DIR" 2>/dev/null || true
chown -R "$SERVICE_USER:$SERVICE_USER" "/storage" chown -R "$SERVICE_USER:$SERVICE_USER" "$BACKUP_DIR" 2>/dev/null || true
chown -R "$SERVICE_USER:$SERVICE_USER" "$CONFIG_DIR" 2>/dev/null || true
chown -R "$SERVICE_USER:$SERVICE_USER" "/storage" 2>/dev/null || true
fi
# Set permissions # Set permissions
chmod 755 "$INSTALL_DIR" chmod 755 "$INSTALL_DIR"
@@ -872,8 +863,10 @@ copy_web_files() {
} }
fi fi
# Set ownership # Set ownership (service runs as root)
chown -R "$SERVICE_USER:$SERVICE_USER" "$INSTALL_DIR/web" if id "$SERVICE_USER" &>/dev/null; then
chown -R "$SERVICE_USER:$SERVICE_USER" "$INSTALL_DIR/web" 2>/dev/null || true
fi
chmod -R 755 "$INSTALL_DIR/web" chmod -R 755 "$INSTALL_DIR/web"
echo -e "${GREEN}Web files copied successfully${NC}" echo -e "${GREEN}Web files copied successfully${NC}"
@@ -893,8 +886,8 @@ After=network.target zfs.target
[Service] [Service]
Type=simple Type=simple
User=$SERVICE_USER # Service runs as root for ZFS and storage operations
Group=$SERVICE_USER # No User/Group specified - runs as root
WorkingDirectory=$INSTALL_DIR WorkingDirectory=$INSTALL_DIR
ExecStart=$INSTALL_DIR/bin/atlas-api ExecStart=$INSTALL_DIR/bin/atlas-api
Restart=always Restart=always
@@ -911,13 +904,11 @@ Environment="ATLAS_LOG_LEVEL=INFO"
Environment="ATLAS_LOG_FORMAT=json" Environment="ATLAS_LOG_FORMAT=json"
# Security # Security
# Note: NoNewPrivileges is set to false to allow sudo for ZFS operations # Service runs as root for ZFS operations (no sudo needed)
# This is necessary for ZFS pool management
NoNewPrivileges=false
PrivateTmp=true PrivateTmp=true
ProtectSystem=strict ProtectSystem=strict
ProtectHome=true ProtectHome=true
ReadWritePaths=$DATA_DIR $LOG_DIR $BACKUP_DIR $CONFIG_DIR ReadWritePaths=$DATA_DIR $LOG_DIR $BACKUP_DIR $CONFIG_DIR /storage /etc/samba /etc/exports
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
@@ -959,7 +950,10 @@ ATLAS_LOG_FORMAT=json
# ATLAS_JWT_SECRET=your-secret-here # ATLAS_JWT_SECRET=your-secret-here
EOF EOF
chown "$SERVICE_USER:$SERVICE_USER" "$CONFIG_DIR/atlas.conf" # Service runs as root, but set ownership for consistency
if id "$SERVICE_USER" &>/dev/null; then
chown "$SERVICE_USER:$SERVICE_USER" "$CONFIG_DIR/atlas.conf" 2>/dev/null || true
fi
chmod 600 "$CONFIG_DIR/atlas.conf" chmod 600 "$CONFIG_DIR/atlas.conf"
echo -e "${GREEN}Configuration created${NC}" echo -e "${GREEN}Configuration created${NC}"