barrier/dist/systemd/barrierc@.service.in

#  Barrier Client service barrierc-@BARRIER_VERSION@
#
#  This file is part of Barrier.
#
#  This is a systemd template service for the barrierc client service. Instances
#  are started using @<hostname>. For example:
#
#  Starting:
#   systemctl start barrierc@myserver
#  or:
#   systemctl start barrierc@myserver:24800
#
#  Enabling:
#   systemctl enable barrierc@myserver
#
#  SSL Fingerprints are stored in /var/lib/barrier@<hostname> for each client 
#  instance.

[Unit]
Description=Barrier Client connected to %I (Open-source KVM software)
Documentation=man:barrierc(1) man:barriers(1)
Documentation=https://github.com/debauchee/barrier/wiki
# Require network before starting barrierc
After=network-online.target
Wants=network-online.target
# Don't run client if server is running
Conflicts=barriers.service

[Service]
Type=exec
# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
Environment=LOG_LEVEL=INFO
# Default display is :0
Environment=DISPLAY=:0
# Store fingerprints in instnace specific directories
Environment=XDG_DATA_HOME=/var/lib/barrier@%i
# TrustedServers.txt Directory
Environment=FP_DIR=/var/lib/barrier@%i/barrier/SSL/Fingerprints
# Ensure the Fingerprints directory exists
ExecStartPre=mkdir -p "${FP_DIR}"

# This uses openssl commands and grep to get the server's key and 
# store it in the TrustedServers.txt file. OpenSSL is a requirement
# for barrier on Linux so these commands should exist. This will only
# work if using the default 24800 port (since the port number must be
# specified for openssl)
ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\
openssl s_client -connect %i:24800 2>/dev/null |\
openssl x509 -noout -sha1 -fingerprint |\
grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt"

# Main executable
ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i
# Restart on fail
Restart=always

[Install]
# Install to graphical target
WantedBy=graphical.target
add systemd services 2020-05-26 02:38:07 +00:00			`# Barrier Client service barrierc-@BARRIER_VERSION@`
			`#`
			`# This file is part of Barrier.`
			`#`
			`# This is a systemd template service for the barrierc client service. Instances`
			`# are started using @<hostname>. For example:`
			`#`
			`# Starting:`
			`# systemctl start barrierc@myserver`
			`# or:`
			`# systemctl start barrierc@myserver:24800`
			`#`
			`# Enabling:`
			`# systemctl enable barrierc@myserver`
			`#`
change paths fix hardcoded hostname 2020-05-26 23:26:26 +00:00			`# SSL Fingerprints are stored in /var/lib/barrier@<hostname> for each client`
add systemd services 2020-05-26 02:38:07 +00:00			`# instance.`

			`[Unit]`
			`Description=Barrier Client connected to %I (Open-source KVM software)`
			`Documentation=man:barrierc(1) man:barriers(1)`
			`Documentation=https://github.com/debauchee/barrier/wiki`
			`# Require network before starting barrierc`
			`After=network-online.target`
			`Wants=network-online.target`
			`# Don't run client if server is running`
			`Conflicts=barriers.service`

			`[Service]`
			`Type=exec`
			`# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2`
			`Environment=LOG_LEVEL=INFO`
			`# Default display is :0`
			`Environment=DISPLAY=:0`
			`# Store fingerprints in instnace specific directories`
change paths fix hardcoded hostname 2020-05-26 23:26:26 +00:00			`Environment=XDG_DATA_HOME=/var/lib/barrier@%i`
add systemd services 2020-05-26 02:38:07 +00:00			`# TrustedServers.txt Directory`
change paths fix hardcoded hostname 2020-05-26 23:26:26 +00:00			`Environment=FP_DIR=/var/lib/barrier@%i/barrier/SSL/Fingerprints`
add systemd services 2020-05-26 02:38:07 +00:00			`# Ensure the Fingerprints directory exists`
			`ExecStartPre=mkdir -p "${FP_DIR}"`

			`# This uses openssl commands and grep to get the server's key and`
			`# store it in the TrustedServers.txt file. OpenSSL is a requirement`
change paths fix hardcoded hostname 2020-05-26 23:26:26 +00:00			`# for barrier on Linux so these commands should exist. This will only`
			`# work if using the default 24800 port (since the port number must be`
			`# specified for openssl)`
add systemd services 2020-05-26 02:38:07 +00:00			`ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] \|\|\`
change paths fix hardcoded hostname 2020-05-26 23:26:26 +00:00			`openssl s_client -connect %i:24800 2>/dev/null \|\`
add systemd services 2020-05-26 02:38:07 +00:00			`openssl x509 -noout -sha1 -fingerprint \|\`
			`grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt"`

			`# Main executable`
			`ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i`
			`# Restart on fail`
			`Restart=always`

			`[Install]`
			`# Install to graphical target`
			`WantedBy=graphical.target`