From 8cf408e96689afc3a03afd1209cdc9cdc68330d3 Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Sun, 23 Jul 2023 12:14:59 +0200 Subject: [PATCH 1/4] Fix up permissions of the database path Also apply the database creation and ownership change on every installation and upgrade. --- debian/postinst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/postinst b/debian/postinst index 73e554b7..dfa599de 100644 --- a/debian/postinst +++ b/debian/postinst @@ -19,11 +19,11 @@ case "$1" in _matrix-conduit fi - # Create the database path if it does not exist yet. - if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then - mkdir -p "$CONDUIT_DATABASE_PATH" - chown _matrix-conduit "$CONDUIT_DATABASE_PATH" - fi + # Create the database path if it does not exist yet and fix up ownership + # and permissions. + mkdir -p "$CONDUIT_DATABASE_PATH" + chown _matrix-conduit "$CONDUIT_DATABASE_PATH" + chmod 700 "$CONDUIT_DATABASE_PATH" if [ ! -e "$CONDUIT_CONFIG_FILE" ]; then # Write the debconf values in the config. From 433dad6ac2d7cba9146a403cddafdacfef6ceacc Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Sun, 23 Jul 2023 12:24:37 +0200 Subject: [PATCH 2/4] Turn README.Debian into a markdown file It is common to have a markdown file per deployment subdirectory. Still install it as `README.Debian` to `/usr/share/doc/matrix-conduit` as per Debian policy. Also update the link in the main `README.md` file. --- Cargo.toml | 2 +- README.md | 2 +- debian/{README.Debian => README.md} | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) rename debian/{README.Debian => README.md} (73%) diff --git a/Cargo.toml b/Cargo.toml index ae7de599..9196cf46 100644 --- a/Cargo.toml +++ b/Cargo.toml 
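Review bot: Between `mkdir -p` and `chmod 700`, a freshly created database directory briefly has whatever mode root's umask gives it, usually world-readable and searchable, and any parents `mkdir -p` creates keep that mode. Creating it in one step closes that window: `install -d -o _matrix-conduit -m 700 "$CONDUIT_DATABASE_PATH"`, which with GNU install should also reset the owner and mode of a directory that already exists. Because the block now runs on every configure rather than only on first creation, it will silently revert a mode or owner an administrator changed on purpose. Debian maintainer scripts usually guard this with `dpkg-statoverride --list "$CONDUIT_DATABASE_PATH" >/dev/null 2>&1`, and neither `chown` nor `chmod` here recurses, so files already inside the directory keep their old owner and mode. The enclosing `case "$1"` branch starts and ends outside the hunk, and the assignment of `CONDUIT_DATABASE_PATH` is not visible, so whether it can ever be empty or point at an unexpected location cannot be checked from here.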
@@ -137,7 +137,7 @@ instead of a server that has high scalability.""" section = "net" priority = "optional" assets = [ - ["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"], + ["debian/README.md", "usr/share/doc/matrix-conduit/README.Debian", "644"], ["README.md", "usr/share/doc/matrix-conduit/", "644"], ["target/release/conduit", "usr/sbin/matrix-conduit", "755"], ] diff --git a/README.md b/README.md index 8fabefd6..52ea3c1f 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Check out the [Conduit 1.0 Release Milestone](https://gitlab.com/famedly/conduit #### How can I deploy my own? - Simple install (this was tested the most): [DEPLOY.md](DEPLOY.md) -- Debian package: [debian/README.Debian](debian/README.Debian) +- Debian package: [debian/README.md](debian/README.md) - Nix/NixOS: [nix/README.md](nix/README.md) - Docker: [docker/README.md](docker/README.md) diff --git a/debian/README.Debian b/debian/README.md similarity index 73% rename from debian/README.Debian rename to debian/README.md index 5f63b5cb..b0f86587 100644 --- a/debian/README.Debian +++ b/debian/README.md 
@@ -6,23 +6,23 @@ Configuration When installed, Debconf generates the configuration of the homeserver (host)name, the address and port it listens on. This configuration ends up in -/etc/matrix-conduit/conduit.toml. +`/etc/matrix-conduit/conduit.toml`. You can tweak more detailed settings by uncommenting and setting the variables -in /etc/matrix-conduit/conduit.toml. This involves settings such as the maximum +in `/etc/matrix-conduit/conduit.toml`. This involves settings such as the maximum file size for download/upload, enabling federation, etc. Running ------- -The package uses the matrix-conduit.service systemd unit file to start and +The package uses the `matrix-conduit.service` systemd unit file to start and stop Conduit. It loads the configuration file mentioned above to set up the environment before running the server. This package assumes by default that Conduit will be placed behind a reverse proxy such as Apache or nginx. This default deployment entails just listening -on 127.0.0.1 and the free port 6167 and is reachable via a client using the URL -http://localhost:6167. +on `127.0.0.1` and the free port `6167` and is reachable via a client using the URL +. At a later stage this packaging may support also setting up TLS and running stand-alone. In this case, however, you need to set up some certificates and From 3cd3d0e0ff30524c7531f0e35bb50604770c5403 Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Sun, 23 Jul 2023 12:34:48 +0200 Subject: [PATCH 3/4] Add section about how to download/install/deploy This refers to `DEPLOY.md` as to not duplicate the information. --- debian/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian/README.md b/debian/README.md index b0f86587..443be76b 100644 --- a/debian/README.md +++ b/debian/README.md 
@@ -1,6 +1,14 @@ Conduit for Debian ================== +Installation +------------ + +Information about downloading, building and deploying the Debian package, see +the "Installing Conduit" section in [DEPLOY.md](../DEPLOY.md). +All following sections until "Setting up the Reverse Proxy" be ignored because +this is handled automatically by the packaging. + Configuration ------------- From b1a591a06ce40ba63da45bbdc7432ba63a005171 Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Sun, 23 Jul 2023 12:37:47 +0200 Subject: [PATCH 4/4] Also create the conduit (system) group The `chown` command mentioned later in `DEPLOY.md` needs this group to exist. Also make sure this account cannot be used to login with by disabling its password and its shell. This is similar to how the Debian `postinst` script does this. --- DEPLOY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPLOY.md b/DEPLOY.md index b7433380..ec7dd461 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -81,7 +81,7 @@ you to make sure that the file permissions are correctly set up. In Debian or RHEL, you can use this command to create a Conduit user: ```bash -sudo adduser --system conduit --no-create-home +sudo adduser --system conduit --group --disable-login --no-create-home ``` ## Forwarding ports in the firewall or the router