diff --git a/DEBIAN/postinst b/DEBIAN/postinst index 100f225..e8f45ed 100755 --- a/DEBIAN/postinst +++ b/DEBIAN/postinst @@ -28,28 +28,22 @@ case "$1" in ;; esac +# The following line should be removed in trixie or trixie+1 +deb-systemd-helper unmask 'reaction.service' >/dev/null || true -if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - # The following line should be removed in trixie or trixie+1 - deb-systemd-helper unmask 'reaction.service' >/dev/null || true - - # was-enabled defaults to true, so new installations run enable. - if deb-systemd-helper --quiet was-enabled 'reaction.service'; then - # Enables the unit on first installation, creates new - # symlinks on upgrades if the unit file has changed. - deb-systemd-helper enable 'reaction.service' >/dev/null || true - else - # Update the statefile to add new symlinks (if any), which need to be - # cleaned up on purge. Also remove old symlinks. - deb-systemd-helper update-state 'reaction.service' >/dev/null || true - fi +# was-enabled defaults to true, so new installations run enable. +if deb-systemd-helper --quiet was-enabled 'reaction.service'; then + # Enables the unit on first installation, creates new + # symlinks on upgrades if the unit file has changed. + deb-systemd-helper enable 'reaction.service' >/dev/null || true +else + # Update the statefile to add new symlinks (if any), which need to be + # cleaned up on purge. Also remove old symlinks. + deb-systemd-helper update-state 'reaction.service' >/dev/null || true fi - -if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true - fi +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true fi diff --git a/Makefile b/Makefile index 3c28f22..cdd17c6 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ reaction.deb: reaction ip46tables mkdir -p deb/reaction/usr/bin/ deb/reaction/usr/sbin/ deb/reaction/lib/systemd/system/ cp reaction deb/reaction/usr/bin/ cp ip46tables deb/reaction/usr/sbin/ - cp reaction.service deb/reaction/lib/systemd/system/ + cp config/reaction.debian.service deb/reaction/lib/systemd/system/reaction.service cp -r DEBIAN/ deb/reaction/DEBIAN sed -e "s/LAST_TAG/`git tag --sort=v:refname | tail -n1`/" -e "s/Version: v/Version: /" -i deb/reaction/DEBIAN/* cd deb && dpkg-deb --root-owner-group --build reaction diff --git a/README.md b/README.md index 22be734..865b8b0 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ both are extensions of JSON, so JSON is transitively supported. - See [reaction.yml](./app/example.yml) or [reaction.jsonnet](./config/example.jsonnet) for a fully explained reference - See [server.jsonnet](./config/server.jsonnet) for a real-world configuration -- See [reaction.service](./config/reaction.service) for a systemd service file +- See [reaction.example.service](./config/reaction.example.service) for a systemd service file - This quick example shows what's needed to prevent brute force attacks on an ssh server:
@@ -152,6 +152,21 @@ Executables are provided [here](https://framagit.org/ppom/reaction/-/releases/), A standard place to put such executables is `/usr/local/bin/`. +#### Debian + +The releases also contain a `reaction.deb` file, which packages reaction & ip46tables. +You can install it using `sudo apt install ./reaction.deb`. +You'll have to create a configuration at `/etc/reaction.jsonnet`. + +If you want to use another configuration format (YAML or JSON), you can override systemd's `ExecStart` command in `/etc/systemd/system/reaction.service` like this: +```systemd +[Service] +# First an empty directive to reset the default one +ExecStart= +# Then put what you want +ExecStart=/usr/bin/reaction start -c /etc/reaction.yml +``` + ### Compilation You'll need the go (>= 1.20) toolchain for reaction and a c compiler for ip46tables. @@ -169,7 +184,7 @@ $ gcc ip46tables.d/ip46tables.c -o ip46tables Provided binaries in the previous section are compiled this way: ```shell -$ docker run -it --rm -v $(pwd):/code -w /code -e CGO_ENABLED=0 golang:1.20 make +$ docker run -it --rm -e HOME=/tmp/ -v $(pwd):/tmp/code -w /tmp/code -u $(id -u) golang:1.20 make clean reaction.deb ``` ### NixOS diff --git a/reaction.service b/config/reaction.debian.service similarity index 82% rename from reaction.service rename to config/reaction.debian.service index f4840ad..d60119a 100644 --- a/reaction.service +++ b/config/reaction.debian.service @@ -3,7 +3,7 @@ Description=A daemon that scans program outputs for repeated patterns, and takes Documentation=https://framagit.org/ppom/reaction-wiki [Service] -ExecStart=/usr/bin/reaction start -c /etc/reaction.yml +ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet StateDirectory=reaction RuntimeDirectory=reaction WorkingDirectory=/var/lib/reaction diff --git a/config/reaction.service b/config/reaction.example.service similarity index 87% rename from config/reaction.service rename to config/reaction.example.service index 760ea2e..aa4522d 100644 --- a/config/reaction.service +++ b/config/reaction.example.service @@ -4,7 +4,7 @@ WantedBy=multi-user.target # See `man systemd.exec` and `man systemd.service` for most options below [Service] -ExecStart=/path/to/reaction start -c /etc/reaction.yml +ExecStart=/path/to/reaction start -c /etc/reaction.jsonnet # Ask systemd to create /var/lib/reaction (/var/lib/ is implicit) StateDirectory=reaction