Add systemd services (resolves #36, resolves #508) #694
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -419,6 +419,10 @@ endif() | |
| # | ||
| if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") | ||
| configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/rpm ${CMAKE_BINARY_DIR}/rpm) | ||
| configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/systemd ${CMAKE_BINARY_DIR}/systemd) | ||
| install(FILES ${CMAKE_BINARY_DIR}/systemd/[email protected] DESTINATION lib/systemd/system) | ||
| install(FILES ${CMAKE_BINARY_DIR}/systemd/[email protected] DESTINATION lib/systemd/system) | ||
| install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers.service DESTINATION lib/systemd/system) | ||
| install(FILES res/barrier.svg DESTINATION share/icons/hicolor/scalable/apps) | ||
| if("${VERSION_MAJOR}" STREQUAL "2") | ||
| install(FILES res/barrier2.desktop DESTINATION share/applications) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| # Barrier Client service barrierc-@BARRIER_VERSION@ | ||
| # | ||
| # This file is part of Barrier. | ||
| # | ||
| # This is a systemd template service for the barrierc client service. Instances | ||
| # are started using @<hostname>. For example: | ||
| # | ||
| # Starting: | ||
| # systemctl start barrierc@myserver | ||
| # or: | ||
| # systemctl start barrierc@myserver:24800 | ||
| # | ||
| # Enabling: | ||
| # systemctl enable barrierc@myserver | ||
| # | ||
| # SSL Fingerprints are stored in /var/lib/barrier@<hostname> for each client | ||
| # instance. | ||
|
|
||
| [Unit] | ||
| Description=Barrier Client connected to %I (Open-source KVM software) | ||
| Documentation=man:barrierc(1) man:barriers(1) | ||
| Documentation=https://github.com/debauchee/barrier/wiki | ||
| # Require network before starting barrierc | ||
| After=network-online.target | ||
| Wants=network-online.target | ||
| # Don't run client if server is running | ||
| Conflicts=barriers.service | ||
|
|
||
| [Service] | ||
| Type=exec | ||
| # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 | ||
| Environment=LOG_LEVEL=INFO | ||
| # Default display is :0 | ||
| Environment=DISPLAY=:0 | ||
| # Store fingerprints in instance specific directories | ||
| Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i | ||
| # TrustedServers.txt Directory | ||
| Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints | ||
| # Ensure the Fingerprints directory exists | ||
| ExecStartPre=mkdir -p "${FP_DIR}" | ||
|
|
||
| # This uses openssl commands and grep to get the server's key and | ||
| # store it in the TrustedServers.txt file. OpenSSL is a requirement | ||
| # for barrier on Linux so these commands should exist. This will only | ||
| # work if using the default 24800 port (since the port number must be | ||
| # specified for openssl) | ||
| ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\ | ||
| openssl s_client -connect %i:24800 2>/dev/null |\ | ||
| openssl x509 -noout -sha1 -fingerprint |\ | ||
| grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt" | ||
simons-public marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| # Main executable | ||
| ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i | ||
|
There was a problem hiding this comment. Note that if Barrier is installed via Snap, the path to the executable is There was a problem hiding this comment. I'm not seeing any thing in the CMakeLists.txt, but I'm doing some reading on Snap to see if there's an environment variable or something that can be used to change the path with CMake. There was a problem hiding this comment. Snaps have native support for daemon services. Would that help? |
||
| # Restart on fail | ||
| Restart=always | ||
|
|
||
| [Install] | ||
| # Install to graphical target | ||
| WantedBy=graphical.target | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # Barrier Server service barriers-@BARRIER_VERSION@ | ||
| # | ||
| # This file is part of Barrier. | ||
| # | ||
| # This systemd service starts barrier on the default port 24800. | ||
| # | ||
| # SSL data is stored in /var/lib/barrier:24800/barrier/SSL | ||
|
|
||
| [Unit] | ||
| Description=Barrier Server listening on 24800 (Open-source KVM software) | ||
| Documentation=man:barriers(1) man:barrierc(1) | ||
| Documentation=https://github.com/debauchee/barrier/wiki | ||
| # Require network before starting barrierc | ||
| After=network-online.target | ||
| Wants=network-online.target | ||
| # Don't run server if client or another instance is running | ||
| [email protected] [email protected] | ||
|
|
||
| [Service] | ||
| Type=exec | ||
| # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 | ||
| Environment=LOG_LEVEL=INFO | ||
| # Default display is :0 | ||
| Environment=DISPLAY=:0 | ||
| # Store SSL data in instance specific directories | ||
| Environment=XDG_DATA_HOME=/var/lib/barrier/barrier:24800 | ||
| # SSL data directory | ||
| Environment=CERT_DIR=/var/lib/barrier/barrier:24800/barrier/SSL | ||
|
|
||
| # Create the certificate directory | ||
| ExecStartPre=mkdir -p ${CERT_DIR} | ||
| # Create the Barrier.pem certificate if it doesn't exist | ||
| ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" | ||
|
|
||
| # Main executable | ||
| ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800 | ||
| # Restart on fail | ||
| Restart=always | ||
|
|
||
| [Install] | ||
| # Install to graphical target | ||
| WantedBy=graphical.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| # Barrier Server service barriers-@BARRIER_VERSION@ | ||
| # | ||
| # This file is part of Barrier. | ||
| # | ||
| # This is a systemd template service for running the barriers server using a | ||
| # specific port or IP. Instances are started using @[ip]:<port>. For example: | ||
| # | ||
| # Starting: | ||
| # systemctl start [email protected]:24800 | ||
| # or: | ||
| # systemctl start barriers@:24800 | ||
| # | ||
| # Enabling: | ||
| # systemctl enable [email protected]:24800 | ||
| # | ||
| # SSL data is stored in /var/lib/barrier/barrier<instance>/barrier/SSL for each | ||
| # instance. | ||
|
|
||
| [Unit] | ||
| Description=Barrier Server listening on %I (Open-source KVM software) | ||
| Documentation=man:barriers(1) man:barrierc(1) | ||
| Documentation=https://github.com/debauchee/barrier/wiki | ||
| # Require network before starting barrierc | ||
| After=network-online.target | ||
| Wants=network-online.target | ||
| # Don't run server if client or another server is running | ||
| [email protected] barriers.service | ||
| # Sanity check that /var/lib exists | ||
| ConditionPathExists=/var/lib | ||
|
|
||
| [Service] | ||
| Type=exec | ||
| # Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2 | ||
| Environment=LOG_LEVEL=INFO | ||
| # Default display is :0 | ||
| Environment=DISPLAY=:0 | ||
| # Store SSL data in instance specific directories | ||
| Environment=XDG_DATA_HOME=/var/lib/barrier/barrier%i | ||
| # SSL data directory | ||
| Environment=CERT_DIR=/var/lib/barrier/barrier%i/barrier/SSL | ||
|
|
||
| # Create the certificate directory | ||
| ExecStartPre=mkdir -p ${CERT_DIR} | ||
| # Create the Barrier.pem certificate if it doesn't exist | ||
| ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem" | ||
|
|
||
| # Main executable | ||
| ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i | ||
| # Restart on fail | ||
| Restart=always | ||
|
|
||
| [Install] | ||
| # Install to graphical target | ||
| WantedBy=graphical.target | ||
| DefaultInstance=:24800 |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that Systemd
Exec*commands need to be an absolute path on the current LTS release of Ubuntu (18.04.3) which runs Systemd 237. From that version of the man page ("COMMAND LINES" section):The current version of Systemd seems to relax this:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I'll change it to absolute paths