ALR-updater/scripts/install.sh

#!/bin/bash
set -e

# Цвета для вывода
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${GREEN}ALR Updater Installation Script${NC}"
echo "==============================="

# Проверка прав root
if [[ $EUID -ne 0 ]]; then
   echo -e "${RED}This script must be run as root${NC}"
   exit 1
fi

# Переменные
BINARY_PATH="/usr/local/bin/alr-updater"
SERVICE_NAME="alr-updater"
SERVICE_USER="alr-updater"
SERVICE_GROUP="wheel"
CONFIG_DIR="/etc/alr-updater"
DATA_DIR="/var/lib/alr-updater"
CACHE_DIR="/var/cache/alr-updater"
PLUGIN_DIR="${CONFIG_DIR}/plugins"
LOG_FILE="/var/log/alr-updater.log"

# Создание пользователя и добавление в группу wheel
echo -e "${YELLOW}Creating user and adding to wheel group...${NC}"
if ! id -u ${SERVICE_USER} >/dev/null 2>&1; then
    useradd -r -s /bin/false -d /var/lib/${SERVICE_USER} -G wheel ${SERVICE_USER}
    echo -e "${GREEN}User ${SERVICE_USER} created and added to wheel group${NC}"
else
    # Добавляем существующего пользователя в группу wheel
    usermod -a -G wheel ${SERVICE_USER}
    echo -e "${GREEN}User ${SERVICE_USER} already exists, added to wheel group${NC}"
fi

# Создание директорий
echo -e "${YELLOW}Creating directories...${NC}"
mkdir -p ${CONFIG_DIR}
mkdir -p ${DATA_DIR}
mkdir -p ${CACHE_DIR}
mkdir -p ${PLUGIN_DIR}

# Создание файла лога
echo -e "${YELLOW}Creating log file...${NC}"
touch ${LOG_FILE}
chown ${SERVICE_USER}:${SERVICE_GROUP} ${LOG_FILE}
chmod 664 ${LOG_FILE}

# Установка прав доступа с setgid битом
echo -e "${YELLOW}Setting permissions with setgid...${NC}"
chown -R root:${SERVICE_GROUP} ${DATA_DIR}
chown -R root:${SERVICE_GROUP} ${CACHE_DIR}
chown -R root:${SERVICE_GROUP} ${CONFIG_DIR}
chmod 2775 ${CONFIG_DIR}
chmod 2775 ${PLUGIN_DIR}
chmod 2775 ${DATA_DIR}
chmod 2775 ${CACHE_DIR}

# Копирование бинарника
if [ -f "./alr-updater" ]; then
    echo -e "${YELLOW}Installing binary...${NC}"
    cp ./alr-updater ${BINARY_PATH}
    chmod 755 ${BINARY_PATH}
    echo -e "${GREEN}Binary installed to ${BINARY_PATH}${NC}"
else
    echo -e "${YELLOW}Binary not found in current directory, skipping binary installation${NC}"
fi

# Создание примера конфигурации, если не существует
if [ ! -f "${CONFIG_DIR}/config.toml" ]; then
    if [ -f "./alr-updater.example.toml" ]; then
        echo -e "${YELLOW}Creating example configuration...${NC}"
        cp ./alr-updater.example.toml ${CONFIG_DIR}/config.toml
        chown root:${SERVICE_GROUP} ${CONFIG_DIR}/config.toml
        chmod 640 ${CONFIG_DIR}/config.toml
        echo -e "${GREEN}Configuration created at ${CONFIG_DIR}/config.toml${NC}"
        echo -e "${YELLOW}Please edit the configuration file before starting the service${NC}"
    fi
fi

# Создание systemd service файла
echo -e "${YELLOW}Creating systemd service...${NC}"
cat > /etc/systemd/system/${SERVICE_NAME}.service << EOF
[Unit]
Description=ALR Updater Service
After=network.target

[Service]
Type=simple
User=${SERVICE_USER}
Group=${SERVICE_GROUP}
ExecStart=${BINARY_PATH}
Restart=on-failure
RestartSec=30
StandardOutput=journal
StandardError=journal
SyslogIdentifier=${SERVICE_NAME}

# Безопасность
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=${DATA_DIR} ${CACHE_DIR} ${LOG_FILE}
ReadOnlyPaths=${CONFIG_DIR}

[Install]
WantedBy=multi-user.target
EOF

# Перезагрузка systemd
echo -e "${YELLOW}Reloading systemd...${NC}"
systemctl daemon-reload

# Включение сервиса
echo -e "${YELLOW}Enabling service...${NC}"
systemctl enable ${SERVICE_NAME}.service

echo ""
echo -e "${GREEN}Installation completed!${NC}"
echo ""
echo "Next steps:"
echo "1. Edit configuration: nano ${CONFIG_DIR}/config.toml"
echo "2. Add plugins to: ${PLUGIN_DIR}/"
echo "3. Start service: systemctl start ${SERVICE_NAME}"
echo "4. Check status: systemctl status ${SERVICE_NAME}"
echo "5. View logs: journalctl -u ${SERVICE_NAME} -f"