diff --git a/CMakeLists.txt b/CMakeLists.txt index 6a377c04..ababd2e0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -419,6 +419,10 @@ endif() # if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/rpm ${CMAKE_BINARY_DIR}/rpm) + configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/systemd ${CMAKE_BINARY_DIR}/systemd) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barrierc@.service DESTINATION lib/systemd/system) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers@.service DESTINATION lib/systemd/system) + install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers.service DESTINATION lib/systemd/system) install(FILES res/barrier.svg DESTINATION share/icons/hicolor/scalable/apps) if("${VERSION_MAJOR}" STREQUAL "2") install(FILES res/barrier2.desktop DESTINATION share/applications) diff --git a/dist/systemd/barrierc@.service.in b/dist/systemd/barrierc@.service.in new file mode 100644 index 00000000..7ae1a6a1 --- /dev/null +++ b/dist/systemd/barrierc@.service.in @@ -0,0 +1,59 @@ +# Barrier Client service barrierc-@BARRIER_VERSION@ +# +# This file is part of Barrier. +# +# This is a systemd template service for the barrierc client service. Instances +# are started using @. For example: +# +# Starting: +# systemctl start barrierc@myserver +# or: +# systemctl start barrierc@myserver:24800 +# +# Enabling: +# systemctl enable barrierc@myserver +# +# SSL Fingerprints are stored in /var/db/barrier@ for each client +# instance. + +[Unit] +Description=Barrier Client connected to %I (Open-source KVM software) +Documentation=man:barrierc(1) man:barriers(1) +Documentation=https://github.com/debauchee/barrier/wiki +# Require network before starting barrierc +After=network-online.target +Wants=network-online.target +# Don't run client if server is running +Conflicts=barriers.service +# Sanity check that /var/db exists +ConditionPathExists=/var/db + +[Service] +Type=exec +# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 +Environment=LOG_LEVEL=INFO +# Default display is :0 +Environment=DISPLAY=:0 +# Store fingerprints in instnace specific directories +Environment=XDG_DATA_HOME=/var/db/barrier@%i +# TrustedServers.txt Directory +Environment=FP_DIR=/var/db/barrier@%i/barrier/SSL/Fingerprints +# Ensure the Fingerprints directory exists +ExecStartPre=mkdir -p "${FP_DIR}" + +# This uses openssl commands and grep to get the server's key and +# store it in the TrustedServers.txt file. OpenSSL is a requirement +# for barrier on Linux so these commands should exist. +ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\ +openssl s_client -connect big.home:24800 2>/dev/null |\ +openssl x509 -noout -sha1 -fingerprint |\ +grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt" + +# Main executable +ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i +# Restart on fail +Restart=always + +[Install] +# Install to graphical target +WantedBy=graphical.target \ No newline at end of file diff --git a/dist/systemd/barriers.service.in b/dist/systemd/barriers.service.in new file mode 100644 index 00000000..fc013168 --- /dev/null +++ b/dist/systemd/barriers.service.in @@ -0,0 +1,44 @@ +# Barrier Server service barriers-@BARRIER_VERSION@ +# +# This file is part of Barrier. +# +# This systemd service starts barrier on the default port 24800. +# +# SSL data is stored in /var/db/barrier:24800/barrier/SSL + +[Unit] +Description=Barrier Server listening on 24800 (Open-source KVM software) +Documentation=man:barriers(1) man:barrierc(1) +Documentation=https://github.com/debauchee/barrier/wiki +# Require network before starting barrierc +After=network-online.target +Wants=network-online.target +# Don't run server if client or another instance is running +Conflicts=barrierc@.service barriers@.service +# Sanity check that /var/db exists +ConditionPathExists=/var/db + +[Service] +Type=exec +# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 +Environment=LOG_LEVEL=INFO +# Default display is :0 +Environment=DISPLAY=:0 +# Store SSL data in instance specific directories +Environment=XDG_DATA_HOME=/var/db/barrier:24800 +# SSL data directory +Environment=CERT_DIR=/var/db/barrier:24800/barrier/SSL + +# Create the certificate directory +ExecStartPre=mkdir -p ${CERT_DIR} +# Create the Barrier.pem certificate if it doesn't exist +ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" + +# Main executable +ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800 +# Restart on fail +Restart=always + +[Install] +# Install to graphical target +WantedBy=graphical.target diff --git a/dist/systemd/barriers@.service.in b/dist/systemd/barriers@.service.in new file mode 100644 index 00000000..335bfeac --- /dev/null +++ b/dist/systemd/barriers@.service.in @@ -0,0 +1,55 @@ +# Barrier Server service barriers-@BARRIER_VERSION@ +# +# This file is part of Barrier. +# +# This is a systemd template service for running the barriers server using a +# specific port or IP. Instances are started using @[ip]:. For example: +# +# Starting: +# systemctl start barriers@0.0.0.0:24800 +# or: +# systemctl start barriers@:24800 +# +# Enabling: +# systemctl enable barriers@0.0.0.0:24800 +# +# SSL data is stored in /var/db/barrier/barrier/SSL for each +# instance. + +[Unit] +Description=Barrier Server listening on %I (Open-source KVM software) +Documentation=man:barriers(1) man:barrierc(1) +Documentation=https://github.com/debauchee/barrier/wiki +# Require network before starting barrierc +After=network-online.target +Wants=network-online.target +# Don't run server if client or another server is running +Conflicts=barrierc@.service barriers.service +# Sanity check that /var/db exists +ConditionPathExists=/var/db + +[Service] +Type=exec +# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 +Environment=LOG_LEVEL=INFO +# Default display is :0 +Environment=DISPLAY=:0 +# Store SSL data in instance specific directories +Environment=XDG_DATA_HOME=/var/db/barrier%i +# SSL data directory +Environment=CERT_DIR=/var/db/barrier%i/barrier/SSL + +# Create the certificate directory +ExecStartPre=mkdir -p ${CERT_DIR} +# Create the Barrier.pem certificate if it doesn't exist +ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" + +# Main executable +ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i +# Restart on fail +Restart=always + +[Install] +# Install to graphical target +WantedBy=graphical.target +DefaultInstance=:24800