From: Ben Harris Date: Sun, 1 Mar 2026 13:45:34 +0000 (+0000) Subject: Add a systemd unit file for hippotatd.service X-Git-Tag: debian/1.3.1~2^2~4 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=815913410e07aeba13922d8844e023720405e5e1;p=hippotat.git Add a systemd unit file for hippotatd.service This mostly replicates the functionality of the existing init script. It uses the same /etc/default/hippotatd as the init script, but loads it using EnvironmentFile=. That means that variable assignments in that file will work, but not more complicated shell constructs. systemd doesn't have a convenient way to set the service user from an environment variable, so users who have set USER in /etc/default/hippotatd will instead need to create a drop-in file under /etc/systemd/system/hippotatd.service.d containing something like: [Service] User=my-hippotat-user The init script checks that USER (possibly set by /etc/default/hippotatd) and LOGNAME (set by systemd based on User=) agree to make sure that both sources agree on what user hippotatd should run as. --- diff --git a/debian/hippotat-server.hippotatd.service b/debian/hippotat-server.hippotatd.service new file mode 100644 index 0000000..b62c3a6 --- /dev/null +++ b/debian/hippotat-server.hippotatd.service @@ -0,0 +1,42 @@ +[Unit] +Description=asinine IP over HTTP server +Wants=userv.service + +[Service] +# These settings can be overridden in /etc/default/hippotatd +Environment=DAEMON=/usr/sbin/hippotatd +Environment=MAIN_CONFIG=/etc/hippotat/main.cfg +Environment=LOGFACILITY=daemon +Environment=CHECK_FIREWALL=true +Environment=HIPPOTATD_ARGS= + +EnvironmentFile=-/etc/default/hippotatd + +User=_hippotat + +# Don't run if unconfigured. +ExecCondition=egrep -q '^[^ \t#]' ${MAIN_CONFIG} + +# Fail if user appears to have overridden USER but not User= (which +# sets LOGNAME). To change the user that hippotatd runs as, use a +# drop-in in /etc/systemd/system/hippotatd.service.d to override +# User=. +ExecStartPre=test ${USER} = ${LOGNAME} + +# Fetch iptables configuration and check if it's reasonable if +# CHECK_FIREWALL is "true". +RuntimeDirectory=hippotat +RuntimeDirectoryMode=0700 +ExecStartPre=:!sh -c 'if "${CHECK_FIREWALL}"; then \ + iptables -L -v -n > "${RUNTIME_DIRECTORY}"/firewall_rules; fi' +ExecStartPre=:sh -c 'if "${CHECK_FIREWALL}"; then \ + vnetwork="$($DAEMON $HIPPOTATD_ARGS --print-config vnetwork)" && \ + fgrep " $vnetwork " "${RUNTIME_DIRECTORY}"/firewall_rules > /dev/null; fi' + +Type=notify +ExecStart=:sh -c '\ + if type authbind >/dev/null 2>&1; then AUTHBIND=authbind; fi; \ + exec $AUTHBIND "$DAEMON" --syslog-facility="$LOGFACILITY" $HIPPOTATD_ARGS' + +[Install] +WantedBy=multi-user.target diff --git a/debian/rules b/debian/rules index e63965c..3e05817 100755 --- a/debian/rules +++ b/debian/rules @@ -5,6 +5,8 @@ override_dh_installinit: dh_installinit --name=hippotatd +override_dh_installsystemd: + dh_installsystemd --name=hippotatd # For local testing with upstream dependencies: # NAILING_CARGO=nailing-cargo make check diff --git a/docs/install.md b/docs/install.md index 227a9b3..631fb05 100644 --- a/docs/install.md +++ b/docs/install.md @@ -133,12 +133,13 @@ Startup - server The `hippotat-server` package supplies an init script +and a systemd unit, either of which will start the `hippotatd` server program, if `/etc/hippotat/main.cfg` exists. If you just created that file, `service hippotatd start` will start the server.. -Consult the init script to see options you can put in +Consult the init script or unit file to see options you can put in `/etc/default/hippotat`.