Add systemd services (resolves #36, resolves #508) #694

Open
wants to merge 9 commits into
base: master
4 changes: 4 additions & 0 deletions CMakeLists.txt
Expand Up @@ -419,6 +419,10 @@ endif()
#
if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/rpm ${CMAKE_BINARY_DIR}/rpm)
configure_files (${CMAKE_CURRENT_SOURCE_DIR}/dist/systemd ${CMAKE_BINARY_DIR}/systemd)
install(FILES ${CMAKE_BINARY_DIR}/systemd/[email protected] DESTINATION lib/systemd/system)
install(FILES ${CMAKE_BINARY_DIR}/systemd/[email protected] DESTINATION lib/systemd/system)
install(FILES ${CMAKE_BINARY_DIR}/systemd/barriers.service DESTINATION lib/systemd/system)
install(FILES res/barrier.svg DESTINATION share/icons/hicolor/scalable/apps)
if("${VERSION_MAJOR}" STREQUAL "2")
install(FILES res/barrier2.desktop DESTINATION share/applications)
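Review bot: the three new install(FILES ... DESTINATION lib/systemd/system) lines are relative to CMAKE_INSTALL_PREFIX, but the unit files added in this PR hardcode ExecStart=/usr/bin/barrierc and ExecStart=/usr/bin/barriers. With any prefix other than /usr the installed units will start whatever sits in /usr/bin (or fail to start) rather than the binary this build installed. The .in files already carry an @BARRIER_VERSION@ token, so the same substitution step could fill in the binary path, for example ExecStart=@CMAKE_INSTALL_PREFIX@/bin/barrierc, provided configure_files expands that variable.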
59 changes: 59 additions & 0 deletions dist/systemd/[email protected]
@@ -0,0 +1,59 @@
# Barrier Client service barrierc-@BARRIER_VERSION@
#
# This file is part of Barrier.
#
# This is a systemd template service for the barrierc client service. Instances
# are started using @<hostname>. For example:
#
# Starting:
# systemctl start barrierc@myserver
# or:
# systemctl start barrierc@myserver:24800
#
# Enabling:
# systemctl enable barrierc@myserver
#
# SSL Fingerprints are stored in /var/db/barrier@<hostname> for each client
# instance.

[Unit]
Description=Barrier Client connected to %I (Open-source KVM software)
Documentation=man:barrierc(1) man:barriers(1)
Documentation=https://github.com/debauchee/barrier/wiki
# Require network before starting barrierc
After=network-online.target
Wants=network-online.target
# Don't run client if server is running
Conflicts=barriers.service
# Sanity check that /var/db exists
ConditionPathExists=/var/db

[Service]
Type=exec
# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
Environment=LOG_LEVEL=INFO
# Default display is :0
Environment=DISPLAY=:0
# Store fingerprints in instnace specific directories
Environment=XDG_DATA_HOME=/var/db/barrier@%i
# TrustedServers.txt Directory
Environment=FP_DIR=/var/db/barrier@%i/barrier/SSL/Fingerprints
# Ensure the Fingerprints directory exists
ExecStartPre=mkdir -p "${FP_DIR}"
Note that Systemd Exec* commands need to be an absolute path on the current LTS release of Ubuntu (18.04.3) which runs Systemd 237. From that version of the man page ("COMMAND LINES" section):

The command to execute must be an absolute path name. It may contain spaces, but control characters are not allowed.

The current version of Systemd seems to relax this:

If the command is not a full (absolute) path, it will be resolved to a full path using a fixed search path determined at compilation time. Searched directories include /usr/local/bin/, /usr/bin/, /bin/ on systems using split /usr/bin/ and /bin/ directories, and their sbin/ counterparts on systems using split bin/ and sbin/. It is thus safe to use just the executable name in case of executables located in any of the "standard" directories, and an absolute path must be used in other cases. Using an absolute path is recommended to avoid ambiguity. Hint: this search path may be queried using systemd-path search-binaries-default.

Author

Good point, I'll change it to absolute paths


# This uses openssl commands and grep to get the server's key and
# store it in the TrustedServers.txt file. OpenSSL is a requirement
# for barrier on Linux so these commands should exist.
ExecStartPre=sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\
openssl s_client -connect big.home:24800 2>/dev/null |\
openssl x509 -noout -sha1 -fingerprint |\
grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt"

# Main executable
ExecStart=/usr/bin/barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i
Note that if Barrier is installed via Snap, the path to the executable is /snap/bin/barrier.barrierc etc. Are there CMake tokens for this you could use?

Author

I'm not seeing anything in the CMakeLists.txt, but I'm doing some reading on Snap to see if there's an environment variable or something that can be used to change the path with CMake.

Snaps have native support for daemon services. Would that help?
https://snapcraft.io/docs/services-and-daemons

# Restart on fail
Restart=always

[Install]
# Install to graphical target
WantedBy=graphical.target
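Review bot: the fingerprint ExecStartPre connects to a hardcoded host, openssl s_client -connect big.home:24800, instead of the instance name %i, so every client instance pins the certificate of big.home rather than the server it was started for. The header documents both barrierc@myserver and barrierc@myserver:24800, so a %i-based target also needs a default port when none is given. More broadly, this step writes whatever certificate answers on first start into TrustedServers.txt with no confirmation, so a host interposed at that moment stays trusted afterwards; consider leaving TrustedServers.txt to be provisioned by the administrator, or at least logging the pinned fingerprint so it can be compared with the server's. The unit has no User= line, so barrierc and these shell commands run as root. The inner double quotes around ${FP_DIR}/TrustedServers.txt sit unescaped inside the outer sh -c "..." string, and the redirect target > ${FP_DIR}/TrustedServers.txt is unquoted; the quoting should be made consistent.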
44 changes: 44 additions & 0 deletions dist/systemd/barriers.service.in
@@ -0,0 +1,44 @@
# Barrier Server service barriers-@BARRIER_VERSION@
#
# This file is part of Barrier.
#
# This systemd service starts barrier on the default port 24800.
#
# SSL data is stored in /var/db/barrier:24800/barrier/SSL

[Unit]
Description=Barrier Server listening on 24800 (Open-source KVM software)
Documentation=man:barriers(1) man:barrierc(1)
Documentation=https://github.com/debauchee/barrier/wiki
# Require network before starting barrierc
After=network-online.target
Wants=network-online.target
# Don't run server if client or another instance is running
[email protected] [email protected]
# Sanity check that /var/db exists
ConditionPathExists=/var/db

[Service]
Type=exec
# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
Environment=LOG_LEVEL=INFO
# Default display is :0
Environment=DISPLAY=:0
# Store SSL data in instance specific directories
Environment=XDG_DATA_HOME=/var/db/barrier:24800
# SSL data directory
Environment=CERT_DIR=/var/db/barrier:24800/barrier/SSL

# Create the certificate directory
ExecStartPre=mkdir -p ${CERT_DIR}
# Create the Barrier.pem certificate if it doesn't exist
ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem"

# Main executable
ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address :24800
# Restart on fail
Restart=always

[Install]
# Install to graphical target
WantedBy=graphical.target
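Review bot: the openssl req ExecStartPre writes an unencrypted private key (-nodes) to ${CERT_DIR}/Barrier.pem, and neither that command nor the preceding mkdir -p ${CERT_DIR} sets a mode, so the permissions on the key and its directory depend on the service's default umask. Add UMask=0077 to [Service], or create the directory with an explicit mode, so the key is readable only by the account the service runs as. The certificate is generated with -days 365 and the [ -f ... ] guard means it is never regenerated after it expires. mkdir and sh are given without absolute paths here as well, which the review comment on the client unit already flagged for systemd 237.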
55 changes: 55 additions & 0 deletions dist/systemd/[email protected]
@@ -0,0 +1,55 @@
# Barrier Server service barriers-@BARRIER_VERSION@
#
# This file is part of Barrier.
#
# This is a systemd template service for running the barriers server using a
# specific port or IP. Instances are started using @[ip]:<port>. For example:
#
# Starting:
# systemctl start [email protected]:24800
# or:
# systemctl start barriers@:24800
#
# Enabling:
# systemctl enable [email protected]:24800
#
# SSL data is stored in /var/db/barrier<instance>/barrier/SSL for each
# instance.

[Unit]
Description=Barrier Server listening on %I (Open-source KVM software)
Documentation=man:barriers(1) man:barrierc(1)
Documentation=https://github.com/debauchee/barrier/wiki
# Require network before starting barrierc
After=network-online.target
Wants=network-online.target
# Don't run server if client or another server is running
[email protected] barriers.service
# Sanity check that /var/db exists
ConditionPathExists=/var/db

[Service]
Type=exec
# Log level may be FATAL, ERROR, WARNING, NOTE, INFO, DEBUG, DEBUG1, DEBUG2
Environment=LOG_LEVEL=INFO
# Default display is :0
Environment=DISPLAY=:0
# Store SSL data in instance specific directories
Environment=XDG_DATA_HOME=/var/db/barrier%i
# SSL data directory
Environment=CERT_DIR=/var/db/barrier%i/barrier/SSL

# Create the certificate directory
ExecStartPre=mkdir -p ${CERT_DIR}
# Create the Barrier.pem certificate if it doesn't exist
ExecStartPre=sh -c "[ -f ${CERT_DIR}/Barrier.pem ] || openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:2048 -text -keyout ${CERT_DIR}/Barrier.pem -out ${CERT_DIR}/Barrier.pem"

# Main executable
ExecStart=/usr/bin/barriers --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --config /etc/barrier.conf --no-daemon --address %i
# Restart on fail
Restart=always

[Install]
# Install to graphical target
WantedBy=graphical.target
DefaultInstance=:24800
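Review bot: CERT_DIR is built from the instance name (Environment=CERT_DIR=/var/db/barrier%i/barrier/SSL) and systemd then substitutes ${CERT_DIR} into the text of the sh -c "..." string in the second ExecStartPre, so any spaces or shell metacharacters in the instance name are parsed by the shell as part of the script. Pass the path to the shell as a positional argument rather than splicing it into the script text, and quote it where it is used. As a smaller point, the [Unit] comment "Require network before starting barrierc" is carried over from the client unit and should name barriers.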