diff --git a/.goreleaser.yml b/.goreleaser.yml index 090f180..431add6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -31,3 +31,28 @@ release: # If set to true, will mark the release as not ready for production. # Default is false. prerelease: auto + +nfpms: + - + vendor: Arne Jørgensen + maintainer: Arne Jørgensen + description: Local Docker Development DNS + license: MIT + formats: + - deb + dependencies: + - docker.io + - libsystemd0 + bindir: /usr/libexec + contents: + - src: ldddns.service + dst: /lib/systemd/system/ldddns.service + type: config + + - src: ldddns.env + dst: /etc/default/ldddns + type: config + scripts: + postinstall: "scripts/postinstall.sh" + preremove: "scripts/preremove.sh" + postremove: "scripts/postremove.sh" diff --git a/README.md b/README.md index 6f96153..864128e 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,8 @@ https://my-fancy.local). ## Install +Download the `.deb` file and run: + ```console -curl -fsSL https://raw.githubusercontent.com/arnested/ldddns/main/install.sh | bash +sudo dpkg -i ldddns_0.0.16_linux_amd64.deb ``` diff --git a/install.sh b/install.sh deleted file mode 100755 index 5c5ec9b..0000000 --- a/install.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -if [ -z "$BASH" ] ;then echo Please run this with bash; exit 1; fi - -set -euo pipefail - -ldddns_install() { - set -euo pipefail - - tmpdir="$(mktemp -d)" - - # Make a cleanup function - cleanup() { - rm --recursive --force -- "${tmpdir}" - } - trap cleanup EXIT - - echo Downloading ldddns binary - curl --proto =https --fail --location --progress-bar --output "${tmpdir}/ldddns" "https://github.com/arnested/ldddns/releases/latest/download/ldddns_$(uname -s)_$(uname -m)" - - chmod +x "${tmpdir}/ldddns" - - install_dir=/usr/local/libexec/ldddns - - echo Making directory \(${install_dir}\) for installing service binary - mkdir -p "${install_dir}" - - echo Installing service binary in ${install_dir} - mv "${tmpdir}/ldddns" "${install_dir}" - - echo Generating systemd service unit - "${install_dir}/ldddns" > "${tmpdir}/ldddns.service" - - echo Installing systemd service unit in /etc/systemd/system/ldddns.service - mv "${tmpdir}/ldddns.service" /etc/systemd/system/ldddns.service - - echo Reloading systemd daemon - systemctl daemon-reload - - if systemctl is-active --quiet ldddns.service; then - echo Found existing, running ldddns.service - restarting it - systemctl restart ldddns.service - fi - - if ! systemctl is-enabled --quiet ldddns.service; then - echo Enabling systemd service - systemctl enable --now ldddns.service; - fi -} - -pkexec bash -c "$(declare -f ldddns_install) ; ldddns_install" diff --git a/ldddns.env b/ldddns.env new file mode 100644 index 0000000..c25e704 --- /dev/null +++ b/ldddns.env @@ -0,0 +1 @@ +DOCKER_API_VERSION=1.40 diff --git a/ldddns.service b/ldddns.service new file mode 100644 index 0000000..72f17eb --- /dev/null +++ b/ldddns.service @@ -0,0 +1,39 @@ +[Unit] +Description=Local Docker Development DNS +BindTo=docker.service +After=docker.service + +[Service] +Type=notify +EnvironmentFile=-/etc/default/ldddns +ExecStart=/usr/libexec/ldddns +SuccessExitStatus=15 +Restart=on-failure +DynamicUser=yes +SupplementaryGroups=docker +CapabilityBoundingSet= +DevicePolicy=closed +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateNetwork=yes +PrivateUsers=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service +UMask=0777 + +[Install] +WantedBy=docker.service diff --git a/main.go b/main.go index 52dbc8f..c28f3ca 100644 --- a/main.go +++ b/main.go @@ -17,12 +17,13 @@ import ( "github.com/holoplot/go-avahi" ) -func main() { - if len(os.Args) < 2 || os.Args[1] != "service" { - installService() - os.Exit(0) - } +// Version string to be set at compile time via command line (-ldflags "-X main.version=1.2.3"). +var ( + version string +) +func main() { + logf(PriNotice, "Starting ldddns %s...", version) // Setup stuff. docker, err := client.NewClientWithOpts(client.FromEnv) if err != nil { diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh new file mode 100644 index 0000000..1d755f7 --- /dev/null +++ b/scripts/postinstall.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +docker_version=$(/usr/bin/docker version --format '{{ .Server.APIVersion }}') + +/usr/bin/sed -i "s/\(DOCKER_API_VERSION=\).*/\1${docker_version}/" /etc/default/ldddns + +/bin/systemctl daemon-reload + +if /bin/systemctl is-active --quiet ldddns.service; then + /bin/systemctl restart ldddns.service +fi + +if ! /bin/systemctl is-enabled --quiet ldddns.service; then + /bin/systemctl enable --now ldddns.service; +fi diff --git a/scripts/postremove.sh b/scripts/postremove.sh new file mode 100644 index 0000000..753b32d --- /dev/null +++ b/scripts/postremove.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +/bin/systemctl daemon-reload diff --git a/scripts/preremove.sh b/scripts/preremove.sh new file mode 100644 index 0000000..298dbe0 --- /dev/null +++ b/scripts/preremove.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +if /bin/systemctl is-active --quiet ldddns.service; then + /bin/systemctl stop ldddns.service +fi + +if /bin/systemctl is-enabled --quiet ldddns.service; then + /bin/systemctl disable --now ldddns.service; +fi diff --git a/service.go b/service.go deleted file mode 100644 index 18803c1..0000000 --- a/service.go +++ /dev/null @@ -1,78 +0,0 @@ -package main - -import ( - "bytes" - "fmt" - "io" - "log" - "os" - "os/exec" - "strings" - - "github.com/coreos/go-systemd/unit" -) - -func installService() { - version := serverVersion() - - executable, err := os.Executable() - if err != nil { - panic(fmt.Errorf("could not find path of executable: %w", err)) - } - - serviceUnit := unit.Serialize([]*unit.UnitOption{ - unit.NewUnitOption("Unit", "Description", "Local Docker Development DNS"), - unit.NewUnitOption("Unit", "BindTo", "docker.service"), - unit.NewUnitOption("Unit", "After", "docker.service"), - unit.NewUnitOption("Service", "Type", "notify"), - unit.NewUnitOption("Service", "Environment", "DOCKER_API_VERSION="+version), - unit.NewUnitOption("Service", "ExecStart", executable+" service"), - unit.NewUnitOption("Service", "SuccessExitStatus", "15"), - unit.NewUnitOption("Service", "Restart", "on-failure"), - unit.NewUnitOption("Service", "DynamicUser", "yes"), - unit.NewUnitOption("Service", "SupplementaryGroups", "docker"), - unit.NewUnitOption("Service", "CapabilityBoundingSet", ""), - unit.NewUnitOption("Service", "DevicePolicy", "closed"), - unit.NewUnitOption("Service", "IPAddressDeny", "any"), - unit.NewUnitOption("Service", "LockPersonality", "yes"), - unit.NewUnitOption("Service", "MemoryDenyWriteExecute", "yes"), - unit.NewUnitOption("Service", "NoNewPrivileges", "yes"), - unit.NewUnitOption("Service", "PrivateDevices", "yes"), - unit.NewUnitOption("Service", "PrivateNetwork", "yes"), - unit.NewUnitOption("Service", "PrivateUsers", "yes"), - unit.NewUnitOption("Service", "ProtectClock", "yes"), - unit.NewUnitOption("Service", "ProtectControlGroups", "yes"), - unit.NewUnitOption("Service", "ProtectHome", "yes"), - unit.NewUnitOption("Service", "ProtectHostname", "yes"), - unit.NewUnitOption("Service", "ProtectKernelLogs", "yes"), - unit.NewUnitOption("Service", "ProtectKernelModules", "yes"), - unit.NewUnitOption("Service", "ProtectKernelTunables", "yes"), - unit.NewUnitOption("Service", "RestrictAddressFamilies", "AF_UNIX"), - unit.NewUnitOption("Service", "RestrictNamespaces", "yes"), - unit.NewUnitOption("Service", "RestrictRealtime", "yes"), - unit.NewUnitOption("Service", "SystemCallArchitectures", "native"), - unit.NewUnitOption("Service", "SystemCallErrorNumber", "EPERM"), - unit.NewUnitOption("Service", "SystemCallFilter", "@system-service"), - unit.NewUnitOption("Service", "UMask", "0777"), - unit.NewUnitOption("Install", "WantedBy", "docker.service"), - }) - - _, err = io.Copy(os.Stdout, serviceUnit) - if err != nil { - panic(fmt.Errorf("could not output service unit: %w", err)) - } -} - -func serverVersion() string { - var out bytes.Buffer - - cmd := exec.Command("docker", "version", "--format", "{{ .Server.APIVersion }}") - cmd.Stdout = &out - - err := cmd.Run() - if err != nil { - log.Fatal(err) - } - - return strings.Trim(out.String(), "\n") -}