From 2e223bf60f4768c369d4a240c792a6b26ce0dd17 Mon Sep 17 00:00:00 2001 From: J the Code Monkey Date: Sun, 10 Nov 2024 01:40:28 -0500 Subject: [PATCH] feat: set ownership and perms for files, directories, binaries etc. #53 (#70) --- cmd/install.go | 77 ++++++++++++------------ pkg/manager/apt.go | 8 ++- pkg/network/certbot.go | 53 +++++++++++++++- pkg/network/constants.go | 6 ++ pkg/network/nginx.go | 19 ++++++ pkg/relays/constants.go | 1 + pkg/relays/khatru29/constants.go | 7 ++- pkg/relays/khatru29/nginx_http.go | 4 ++ pkg/relays/khatru29/nginx_https.go | 2 + pkg/relays/khatru29/service.go | 20 +++++- pkg/relays/khatru_pyramid/constants.go | 7 ++- pkg/relays/khatru_pyramid/nginx_http.go | 4 ++ pkg/relays/khatru_pyramid/nginx_https.go | 2 + pkg/relays/khatru_pyramid/service.go | 20 +++++- pkg/relays/nostr_rs_relay/install.go | 2 + pkg/relays/nostr_rs_relay/nginx_http.go | 4 ++ pkg/relays/nostr_rs_relay/nginx_https.go | 2 + pkg/relays/nostr_rs_relay/service.go | 7 ++- pkg/relays/strfry/constants.go | 2 +- pkg/relays/strfry/install.go | 2 + pkg/relays/strfry/nginx_http.go | 4 ++ pkg/relays/strfry/nginx_https.go | 2 + pkg/relays/strfry/service.go | 7 ++- pkg/relays/strfry29/constants.go | 8 +-- pkg/relays/strfry29/install.go | 6 +- pkg/relays/strfry29/nginx_http.go | 4 ++ pkg/relays/strfry29/nginx_https.go | 2 + pkg/relays/strfry29/service.go | 11 ++-- pkg/relays/wot_relay/constants.go | 2 +- pkg/relays/wot_relay/install.go | 2 + pkg/relays/wot_relay/nginx_http.go | 4 ++ pkg/relays/wot_relay/nginx_https.go | 2 + pkg/relays/wot_relay/service.go | 19 +++++- pkg/utils/configuration/utils.go | 43 +++++++++++++ pkg/utils/directories/utils.go | 20 +++++- pkg/utils/files/utils.go | 18 +++--- pkg/utils/systemd/utils.go | 35 ----------- 37 files changed, 320 insertions(+), 118 deletions(-) create mode 100644 pkg/network/nginx.go create mode 100644 pkg/utils/configuration/utils.go diff --git a/cmd/install.go b/cmd/install.go index 08ef914..8d91e51 100644 --- a/cmd/install.go 
+++ b/cmd/install.go @@ -94,7 +94,10 @@ var installCmd = &cobra.Command{ // Step 3: Configure the intrusion detection system network.ConfigureIntrusionDetection() - // Setp 4: Create relay user + // Step 4: Configure Nginx + network.ConfigureNginx() + + // Setp 5: Create relay user spinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Checking if '%s' user exists...", relays.User)) if !users.UserExists(relays.User) { spinner.UpdateText(fmt.Sprintf("Creating '%s' user...", relays.User)) 
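Review bot: The renumbered comment in the first hunk still carries the old typo, `// Setp 5: Create relay user`; since the line is being rewritten anyway it should read `// Step 5: Create relay user`. The new `network.ConfigureNginx()` call also has no result to check at this call site, so a one-line comment saying that it silently does nothing when the Nginx directories are missing would help the next reader. The command's Run function starts and ends outside the hunk.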
@@ -105,118 +108,118 @@ var installCmd = &cobra.Command{ } if selectedRelayOption == khatru_pyramid.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP khatru_pyramid.ConfigureNginxHttp(relayDomain) - // Step 6: Get SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS khatru_pyramid.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: Download and install the relay binary khatru_pyramid.InstallRelayBinary(pubKey) - // Step 9: Set up the relay service + // Step 10: Set up the relay service khatru_pyramid.SetupRelayService(relayDomain, pubKey, relayContact) - // Step 10: Show success messages + // Step 11: Show success messages khatru_pyramid.SuccessMessages(relayDomain, httpsEnabled) } else if selectedRelayOption == nostr_rs_relay.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP nostr_rs_relay.ConfigureNginxHttp(relayDomain) - // Step 6: Get SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS nostr_rs_relay.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: Download and install the relay binary nostr_rs_relay.InstallRelayBinary() - // Step 9: Set up the relay service + // Step 10: Set up the relay service nostr_rs_relay.SetupRelayService(relayDomain, pubKey, relayContact, httpsEnabled) - // Step 10: Show success messages + // Step 11: Show success messages nostr_rs_relay.SuccessMessages(relayDomain, httpsEnabled) } else if selectedRelayOption == strfry.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP strfry.ConfigureNginxHttp(relayDomain) - // Step 6: Get 
SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS strfry.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: Download and install the relay binary strfry.InstallRelayBinary() - // Step 9: Set up the relay service + // Step 10: Set up the relay service strfry.SetupRelayService(relayDomain, relayContact) - // Step 10: Show success messages + // Step 11: Show success messages strfry.SuccessMessages(relayDomain, httpsEnabled) } else if selectedRelayOption == wot_relay.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP wot_relay.ConfigureNginxHttp(relayDomain) - // Step 6: Get SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS wot_relay.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: Download and install the relay binary wot_relay.InstallRelayBinary(pubKey) - // Step 9: Set up the relay service + // Step 10: Set up the relay service wot_relay.SetupRelayService(relayDomain, pubKey, relayContact, httpsEnabled) - // Step 10: Show success messages + // Step 11: Show success messages wot_relay.SuccessMessages(relayDomain, httpsEnabled) } else if selectedRelayOption == khatru29.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP khatru29.ConfigureNginxHttp(relayDomain) - // Step 6: Get SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS khatru29.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: 
Download and install the relay binary khatru29.InstallRelayBinary() - // Step 9: Set up the relay service + // Step 10: Set up the relay service khatru29.SetupRelayService(relayDomain, privKey, relayContact) - // Step 10: Show success messages + // Step 11: Show success messages khatru29.SuccessMessages(relayDomain, httpsEnabled) } else if selectedRelayOption == strfry29.RelayName { - // Step 5: Configure Nginx for HTTP + // Step 6: Configure Nginx for HTTP strfry29.ConfigureNginxHttp(relayDomain) - // Step 6: Get SSL/TLS certificates + // Step 7: Get SSL/TLS certificates httpsEnabled := network.GetCertificates(relayDomain) if httpsEnabled { - // Step 7: Configure Nginx for HTTPS + // Step 8: Configure Nginx for HTTPS strfry29.ConfigureNginxHttps(relayDomain) } - // Step 8: Download and install the relay binary + // Step 9: Download and install the relay binary strfry29.InstallRelayBinary() - // Step 9: Set up the relay service + // Step 10: Set up the relay service strfry29.SetupRelayService(relayDomain, privKey, relayContact) - // Step 10: Show success messages + // Step 11: Show success messages strfry29.SuccessMessages(relayDomain, httpsEnabled) } diff --git a/pkg/manager/apt.go b/pkg/manager/apt.go index 6df50cc..e24d4fe 100644 --- a/pkg/manager/apt.go +++ b/pkg/manager/apt.go @@ -2,12 +2,14 @@ package manager import ( "fmt" + "os" + "os/exec" + "github.com/nodetec/rwz/pkg/relays/nostr_rs_relay" "github.com/nodetec/rwz/pkg/relays/strfry" "github.com/nodetec/rwz/pkg/relays/strfry29" + "github.com/nodetec/rwz/pkg/relays/wot_relay" "github.com/pterm/pterm" - "os" - "os/exec" ) // Function to check if a package is installed 
@@ -46,7 +48,7 @@ func AptInstallPackages(selectedRelayOption string) { packages := []string{"nginx", "certbot", "python3-certbot-nginx", "ufw", "fail2ban"} - if selectedRelayOption == nostr_rs_relay.RelayName || selectedRelayOption == strfry.RelayName || selectedRelayOption == strfry29.RelayName { + if selectedRelayOption == nostr_rs_relay.RelayName || selectedRelayOption == strfry.RelayName || selectedRelayOption == wot_relay.RelayName || selectedRelayOption == strfry29.RelayName { packages = append(packages, "git") } diff --git a/pkg/network/certbot.go b/pkg/network/certbot.go index 40eefd6..fed1605 100644 --- a/pkg/network/certbot.go +++ b/pkg/network/certbot.go 
@@ -2,13 +2,54 @@ package network import ( "fmt" - "github.com/nodetec/rwz/pkg/utils/files" - "github.com/pterm/pterm" "os" "os/exec" "strings" + + "github.com/nodetec/rwz/pkg/utils/directories" + "github.com/nodetec/rwz/pkg/utils/files" + "github.com/pterm/pterm" ) +func setDomainCertDirPerms(domainName string) { + DomainCertificateDirPath := fmt.Sprintf("%s/%s", CertificateDirPath, domainName) + + if directories.DirExists(DomainCertificateDirPath) { + directories.SetPermissions(DomainCertificateDirPath, 0700) + } +} + +func setDomainCertArchiveDirPerms(domainName string) { + DomainCertificateArchiveDirPath := fmt.Sprintf("%s/%s", CertificateArchiveDirPath, domainName) + + if directories.DirExists(DomainCertificateArchiveDirPath) { + directories.SetPermissions(DomainCertificateArchiveDirPath, 0700) + } +} + +func setDomainCertArchiveFilePerms(domainName string) { + FullchainArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, FullchainArchiveFile) + PrivkeyArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, PrivkeyArchiveFile) + ChainArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, ChainArchiveFile) + CertArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, CertArchiveFile) + + if files.FileExists(FullchainArchiveFilePath) { + files.SetPermissions(FullchainArchiveFilePath, 0600) + } + + if files.FileExists(PrivkeyArchiveFilePath) { + files.SetPermissions(PrivkeyArchiveFilePath, 0600) + } + + if files.FileExists(ChainArchiveFilePath) { + files.SetPermissions(ChainArchiveFilePath, 0600) + } + + if files.FileExists(CertArchiveFilePath) { + files.SetPermissions(CertArchiveFilePath, 0600) + } +} + // Function to get SSL/TLS certificates using Certbot func GetCertificates(domainName string) bool { ThemeDefault := pterm.ThemeDefault 
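Review bot: `setDomainCertArchiveFilePerms` only tightens the files named by the `*ArchiveFile` constants (`fullchain1.pem`, `privkey1.pem`, `chain1.pem`, `cert1.pem`), so it covers the first issuance only. Certbot numbers archive files per issuance, so after a renewal the current key would be `privkey2.pem` or later and would keep whatever mode certbot gave it; the "certificates already exist" path in `GetCertificates` is exactly where that matters. Matching every `.pem` file in the domain's archive directory removes the dependency on the suffix (this needs `path/filepath` in the import block). The three helpers also give no signal when a path is missing, so a short doc comment on each stating that a missing path is skipped silently would be worth adding.

```go
func setDomainCertArchiveFilePerms(domainName string) {
	// Certbot writes a new numbered set (…1.pem, …2.pem, …) on each issuance,
	// so restrict every PEM file in the archive directory, not only the first set.
	pattern := filepath.Join(CertificateArchiveDirPath, domainName, "*.pem")
	matches, err := filepath.Glob(pattern)
	if err != nil {
		return
	}

	for _, pemPath := range matches {
		files.SetPermissions(pemPath, 0600)
	}
}
```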
@@ -112,6 +153,10 @@ func GetCertificates(domainName string) bool { if files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, FullchainFile)) && files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, PrivkeyFile)) && files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, ChainFile)) { + setDomainCertDirPerms(domainName) + setDomainCertArchiveDirPerms(domainName) + setDomainCertArchiveFilePerms(domainName) + certificateSpinner.Info("SSL/TLS certificates already exist.") pterm.Println() return true @@ -134,6 +179,10 @@ func GetCertificates(domainName string) bool { } } + setDomainCertDirPerms(domainName) + setDomainCertArchiveDirPerms(domainName) + setDomainCertArchiveFilePerms(domainName) + certificateSpinner.Success("SSL/TLS certificates obtained successfully.") return true } diff --git a/pkg/network/constants.go b/pkg/network/constants.go index c8cec61..bbaf609 100644 --- a/pkg/network/constants.go +++ b/pkg/network/constants.go @@ -14,5 +14,11 @@ const CertificateDirPath = "/etc/letsencrypt/live" const FullchainFile = "fullchain.pem" const PrivkeyFile = "privkey.pem" const ChainFile = "chain.pem" +const CertificateArchiveDirPath = "/etc/letsencrypt/archive" +const FullchainArchiveFile = "fullchain1.pem" +const PrivkeyArchiveFile = "privkey1.pem" +const ChainArchiveFile = "chain1.pem" +const CertArchiveFile = "cert1.pem" +const NginxConfDirPath = "/etc/nginx/conf.d" const WWWDirPath = "/var/www" const AcmeChallengeDirPath = ".well-known/acme-challenge" diff --git a/pkg/network/nginx.go b/pkg/network/nginx.go new file mode 100644 index 0000000..95a2315 --- /dev/null +++ b/pkg/network/nginx.go 
@@ -0,0 +1,19 @@ +package network + +import ( + "github.com/nodetec/rwz/pkg/relays" + "github.com/nodetec/rwz/pkg/utils/directories" +) + +// Function to configure Nginx +func ConfigureNginx() { + if directories.DirExists(NginxConfDirPath) { + directories.SetPermissions(NginxConfDirPath, 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfDirPath) + } + + if directories.DirExists(WWWDirPath) { + directories.SetPermissions(WWWDirPath, 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, WWWDirPath) + } +} diff --git a/pkg/relays/constants.go b/pkg/relays/constants.go index 2fdbcb2..6e80888 100644 --- a/pkg/relays/constants.go +++ b/pkg/relays/constants.go @@ -3,3 +3,4 @@ package relays const BinaryDestDir = "/usr/local/bin" const TmpDirPath = "/tmp" const User = "nostr" +const NginxUser = "www-data" diff --git a/pkg/relays/khatru29/constants.go b/pkg/relays/khatru29/constants.go index 950ef99..6bfd1fd 100644 --- a/pkg/relays/khatru29/constants.go +++ b/pkg/relays/khatru29/constants.go @@ -5,19 +5,20 @@ const BinaryName = "khatru29" const BinaryFilePath = "/usr/local/bin/khatru29" const NginxConfigFilePath = "/etc/nginx/conf.d/khatru29.conf" const DataDirPath = "/var/lib/khatru29" +const ConfigDirPath = "/etc/khatru29" const ServiceName = "khatru29" -const EnvFilePath = "/etc/systemd/system/khatru29.env" +const EnvFilePath = "/etc/khatru29/khatru29.env" const EnvFileTemplate = `PORT="5577" DOMAIN="{{.Domain}}" RELAY_NAME="Khatru29" RELAY_PRIVKEY="{{.PrivKey}}" -RELAY_DESCRIPTION="Khatru29 Nostr Relay" +RELAY_DESCRIPTION="Khatru29 Relay" RELAY_CONTACT="{{.RelayContact}}" DATABASE_PATH="/var/lib/khatru29/db" ` const ServiceFilePath = "/etc/systemd/system/khatru29.service" const ServiceFileTemplate = `[Unit] -Description=Khatru29 Nostr Relay Service +Description=Khatru29 Relay Service After=network.target [Service] 
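Review bot: `ConfigureNginx` hands ownership of `NginxConfDirPath` (`/etc/nginx/conf.d`) to `relays.NginxUser` (`www-data`), which on a stock Debian/Ubuntu install is also the account the Nginx worker processes run as. That makes the server configuration writable by the least-trusted part of Nginx, while the master process that loads it on reload normally runs as root, so a worker compromise could turn into a configuration change. The directory only needs to be readable, so keep it root-owned: drop the `SetOwnerAndGroup` call for `NginxConfDirPath`, or make it `directories.SetOwnerAndGroup("root", "root", NginxConfDirPath)`. The same concern applies to the `files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)` lines added in every relay's `nginx_http.go` and `nginx_https.go` hunk. For `WWWDirPath`, mode `0755` already lets the workers read the ACME challenge files without owning the tree.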
diff --git a/pkg/relays/khatru29/nginx_http.go b/pkg/relays/khatru29/nginx_http.go index cdd27fd..deb3684 100644 --- a/pkg/relays/khatru29/nginx_http.go +++ b/pkg/relays/khatru29/nginx_http.go @@ -3,6 +3,7 @@ package khatru29 import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) + directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755) directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName)) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -84,6 +87,7 @@ server { `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/khatru29/nginx_https.go b/pkg/relays/khatru29/nginx_https.go index 275ce33..eb2e6fb 100644 --- a/pkg/relays/khatru29/nginx_https.go +++ b/pkg/relays/khatru29/nginx_https.go @@ -3,6 +3,7 @@ package khatru29 import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" 
@@ -122,6 +123,7 @@ server { `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.ReloadService("nginx") diff --git a/pkg/relays/khatru29/service.go b/pkg/relays/khatru29/service.go index e30ba5d..13012d2 100644 --- a/pkg/relays/khatru29/service.go +++ b/pkg/relays/khatru29/service.go @@ -2,6 +2,7 @@ package khatru29 import ( "github.com/nodetec/rwz/pkg/relays" + "github.com/nodetec/rwz/pkg/utils/configuration" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -12,13 +13,20 @@ import ( func SetupRelayService(domain, privKey, relayContact string) { spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...") - // Ensure the data directory exists and set ownership + // Ensure the data directory exists and set permissions spinner.UpdateText("Creating data directory...") directories.CreateDirectory(DataDirPath, 0755) // Use chown command to set ownership of the data directory to the nostr user directories.SetOwnerAndGroup(relays.User, relays.User, DataDirPath) + // Ensure the config directory exists and set permissions + spinner.UpdateText("Creating config directory...") + directories.CreateDirectory(ConfigDirPath, 0755) + + // Use chown command to set ownership of the config directory to the nostr user + directories.SetOwnerAndGroup(relays.User, relays.User, ConfigDirPath) + // Check if the environment file exists and remove it if it does files.RemoveFile(EnvFilePath) 
@@ -27,8 +35,14 @@ func SetupRelayService(domain, privKey, relayContact string) { // Create the environment file spinner.UpdateText("Creating environment file...") - envFileParams := systemd.EnvFileParams{Domain: domain, PrivKey: privKey, RelayContact: relayContact} - systemd.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams) + envFileParams := configuration.EnvFileParams{Domain: domain, PrivKey: privKey, RelayContact: relayContact} + configuration.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams) + + // Set permissions for the environment file + files.SetPermissions(EnvFilePath, 0600) + + // Use chown command to set ownership of the environment file to the nostr user + files.SetOwnerAndGroup(relays.User, relays.User, EnvFilePath) // Create the systemd service file spinner.UpdateText("Creating service file...") diff --git a/pkg/relays/khatru_pyramid/constants.go b/pkg/relays/khatru_pyramid/constants.go index 34998b5..248ac72 100644 --- a/pkg/relays/khatru_pyramid/constants.go +++ b/pkg/relays/khatru_pyramid/constants.go @@ -5,9 +5,10 @@ const BinaryName = "khatru-pyramid" const BinaryFilePath = "/usr/local/bin/khatru-pyramid" const NginxConfigFilePath = "/etc/nginx/conf.d/khatru_pyramid.conf" const DataDirPath = "/var/lib/khatru-pyramid" +const ConfigDirPath = "/etc/khatru-pyramid" const UsersFilePath = "/var/lib/khatru-pyramid/users.json" const ServiceName = "khatru-pyramid" -const EnvFilePath = "/etc/systemd/system/khatru-pyramid.env" +const EnvFilePath = "/etc/khatru-pyramid/khatru-pyramid.env" const EnvFileTemplate = `DOMAIN="{{.Domain}}" PORT="3335" DATABASE_PATH="/var/lib/khatru-pyramid/db" 
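Review bot: The environment file carries `RELAY_PRIVKEY`, but it is restricted to `0600` only after `configuration.CreateEnvFile` has already written it, so the key sits on disk at the creation mode until the `files.SetPermissions(EnvFilePath, 0600)` call runs; that creation mode is not visible in this hunk. Creating the file restricted from the start closes the window, for example opening it inside `CreateEnvFile` with `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)`, with the later chmod kept as a belt-and-braces step. Since `ConfigDirPath` is created `0755` in the previous hunk, consider `0750` there as well so the directory holding the secret is not world-listable. `SetupRelayService` starts and ends outside the hunk.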
@@ -15,12 +16,12 @@ USERDATA_PATH="/var/lib/khatru-pyramid/users.json" MAX_INVITES_PER_PERSON="3" RELAY_NAME="Khatru Pyramid" RELAY_PUBKEY="{{.PubKey}}" -RELAY_DESCRIPTION="Khatru Pyramid Nostr Relay" +RELAY_DESCRIPTION="Khatru Pyramid Relay" RELAY_CONTACT="{{.RelayContact}}" ` const ServiceFilePath = "/etc/systemd/system/khatru-pyramid.service" const ServiceFileTemplate = `[Unit] -Description=Khatru Pyramid Nostr Relay Service +Description=Khatru Pyramid Relay Service After=network.target [Service] diff --git a/pkg/relays/khatru_pyramid/nginx_http.go b/pkg/relays/khatru_pyramid/nginx_http.go index 8bff0ce..b761d35 100644 --- a/pkg/relays/khatru_pyramid/nginx_http.go +++ b/pkg/relays/khatru_pyramid/nginx_http.go @@ -3,6 +3,7 @@ package khatru_pyramid import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) + directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755) directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName)) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -84,6 +87,7 @@ server { `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/khatru_pyramid/nginx_https.go b/pkg/relays/khatru_pyramid/nginx_https.go index 51d02f8..2ace2a8 100644 --- a/pkg/relays/khatru_pyramid/nginx_https.go 
+++ b/pkg/relays/khatru_pyramid/nginx_https.go @@ -3,6 +3,7 @@ package khatru_pyramid import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -122,6 +123,7 @@ server { `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/khatru_pyramid/service.go b/pkg/relays/khatru_pyramid/service.go index beb92d8..09029ae 100644 --- a/pkg/relays/khatru_pyramid/service.go +++ b/pkg/relays/khatru_pyramid/service.go @@ -2,6 +2,7 @@ package khatru_pyramid import ( "github.com/nodetec/rwz/pkg/relays" + "github.com/nodetec/rwz/pkg/utils/configuration" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" 
@@ -12,13 +13,20 @@ import ( func SetupRelayService(domain, pubKey, relayContact string) { spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...") - // Ensure the data directory exists and set ownership + // Ensure the data directory exists and set permissions spinner.UpdateText("Creating data directory...") directories.CreateDirectory(DataDirPath, 0755) // Use chown command to set ownership of the data directory to the nostr user directories.SetOwnerAndGroup(relays.User, relays.User, DataDirPath) + // Ensure the config directory exists and set permissions + spinner.UpdateText("Creating config directory...") + directories.CreateDirectory(ConfigDirPath, 0755) + + // Use chown command to set ownership of the config directory to the nostr user + directories.SetOwnerAndGroup(relays.User, relays.User, ConfigDirPath) + // Check if the environment file exists and remove it if it does files.RemoveFile(EnvFilePath) @@ -27,8 +35,14 @@ func SetupRelayService(domain, pubKey, relayContact string) { // Create the environment file spinner.UpdateText("Creating environment file...") - envFileParams := systemd.EnvFileParams{Domain: domain, PubKey: pubKey, RelayContact: relayContact} - systemd.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams) + envFileParams := configuration.EnvFileParams{Domain: domain, PubKey: pubKey, RelayContact: relayContact} + configuration.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams) + + // Set permissions for the environment file + files.SetPermissions(EnvFilePath, 0644) + + // Use chown command to set ownership of the environment file to the nostr user + files.SetOwnerAndGroup(relays.User, relays.User, EnvFilePath) // Create the systemd service file spinner.UpdateText("Creating service file...") diff --git a/pkg/relays/nostr_rs_relay/install.go b/pkg/relays/nostr_rs_relay/install.go index 5f127e2..195981e 100644 --- a/pkg/relays/nostr_rs_relay/install.go +++ b/pkg/relays/nostr_rs_relay/install.go 
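Review bot: The `files.SetPermissions(EnvFilePath, 0644)` call in the second hunk has no comment explaining why this env file is world-readable while the khatru29 one is `0600`. From the template in this package's `constants.go` the file appears to hold only `RELAY_PUBKEY` and no secret, which would justify the difference, but a reader has to go and check. Suggest replacing the generic comment with `// 0644 is intentional: this env file holds only the relay public key, no secrets`, so the mode is not loosened or copied elsewhere by mistake. `SetupRelayService` starts and ends outside the hunk.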
@@ -21,6 +21,8 @@ func InstallRelayBinary() { // Download git repository git.Clone(GitRepoBranch, GitRepoURL, GitRepoTmpDirPath) + directories.SetPermissions(GitRepoTmpDirPath, 0755) + // Determine the file name from the URL tmpFileName := filepath.Base(DownloadURL) diff --git a/pkg/relays/nostr_rs_relay/nginx_http.go b/pkg/relays/nostr_rs_relay/nginx_http.go index 9c18538..afd148d 100644 --- a/pkg/relays/nostr_rs_relay/nginx_http.go +++ b/pkg/relays/nostr_rs_relay/nginx_http.go @@ -3,6 +3,7 @@ package nostr_rs_relay import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) + directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755) directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName)) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -84,6 +87,7 @@ server { `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/nostr_rs_relay/nginx_https.go b/pkg/relays/nostr_rs_relay/nginx_https.go index 8402064..1460869 100644 --- a/pkg/relays/nostr_rs_relay/nginx_https.go +++ b/pkg/relays/nostr_rs_relay/nginx_https.go 
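Review bot: `directories.SetPermissions(GitRepoTmpDirPath, 0755)` acts on a fixed, predictable path in the shared temp directory; the strfry29 constants hunk shows `/tmp/relay29`, and the value for this package is not visible here but presumably sits under `relays.TmpDirPath` as well. Remove, clone and chmod run as separate steps in an installer that presumably has root privileges, so on a multi-user host another local account could create or swap that path between steps, and chmod follows symlinks. Prefer a private directory created atomically with `os.MkdirTemp("", "rwz-*")` (created `0700`, unpredictable name) and pass its path to `git.Clone`, which also removes the need to widen the mode afterwards. The same line is added in `strfry/install.go` and `strfry29/install.go`. `InstallRelayBinary` continues outside the hunk.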
@@ -3,6 +3,7 @@ package nostr_rs_relay import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -121,6 +122,7 @@ server { `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.ReloadService("nginx") diff --git a/pkg/relays/nostr_rs_relay/service.go b/pkg/relays/nostr_rs_relay/service.go index a9a8b3f..d7ee7f9 100644 --- a/pkg/relays/nostr_rs_relay/service.go +++ b/pkg/relays/nostr_rs_relay/service.go @@ -14,7 +14,7 @@ import ( func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) { spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...") - // Ensure the data directory exists and set ownership + // Ensure the data directory exists and set permissions spinner.UpdateText("Creating data directory...") directories.CreateDirectory(DataDirPath, 0755) directories.CreateDirectory(fmt.Sprintf("%s/db", DataDirPath), 0755) @@ -22,7 +22,7 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) { // Use chown command to set ownership of the data directory to the nostr user directories.SetOwnerAndGroup(relays.User, relays.User, DataDirPath) - // Ensure the config directory exists and set ownership + // Ensure the config directory exists and set permissions spinner.UpdateText("Creating config directory...") directories.CreateDirectory(ConfigDirPath, 0755) 
@@ -53,6 +53,9 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) { // Copy config file to config directory files.CopyFile(TmpConfigFilePath, ConfigDirPath) + // Set permissions for the config file + files.SetPermissions(ConfigFilePath, 0644) + // Use chown command to set ownership of the config file to the nostr user files.SetOwnerAndGroup(relays.User, relays.User, ConfigFilePath) diff --git a/pkg/relays/strfry/constants.go b/pkg/relays/strfry/constants.go index 4fcc72b..b2a8c90 100644 --- a/pkg/relays/strfry/constants.go +++ b/pkg/relays/strfry/constants.go @@ -18,7 +18,7 @@ const ServiceFilePath = "/etc/systemd/system/strfry.service" // Check working directory // WorkingDirectory=/home/nostr const ServiceFileTemplate = `[Unit] -Description=strfry Nostr Relay Service +Description=strfry Relay Service After=network.target [Service] diff --git a/pkg/relays/strfry/install.go b/pkg/relays/strfry/install.go index 61e4efd..b559d4e 100644 --- a/pkg/relays/strfry/install.go +++ b/pkg/relays/strfry/install.go @@ -21,6 +21,8 @@ func InstallRelayBinary() { // Download git repository git.Clone(GitRepoBranch, GitRepoURL, GitRepoTmpDirPath) + directories.SetPermissions(GitRepoTmpDirPath, 0755) + // Install // Determine the file name from the URL tmpFileName := filepath.Base(DownloadURL) diff --git a/pkg/relays/strfry/nginx_http.go b/pkg/relays/strfry/nginx_http.go index ba0964e..821e8ad 100644 --- a/pkg/relays/strfry/nginx_http.go +++ b/pkg/relays/strfry/nginx_http.go @@ -3,6 +3,7 @@ package strfry import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" 
@@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) + directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755) directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) + directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName)) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -84,6 +87,7 @@ server { `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/strfry/nginx_https.go b/pkg/relays/strfry/nginx_https.go index 927f2f2..186347d 100644 --- a/pkg/relays/strfry/nginx_https.go +++ b/pkg/relays/strfry/nginx_https.go @@ -3,6 +3,7 @@ package strfry import ( "fmt" "github.com/nodetec/rwz/pkg/network" + "github.com/nodetec/rwz/pkg/relays" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -122,6 +123,7 @@ server { `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) + files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath) systemd.RestartService("nginx") diff --git a/pkg/relays/strfry/service.go b/pkg/relays/strfry/service.go index ad056a4..9013688 100644 --- a/pkg/relays/strfry/service.go +++ b/pkg/relays/strfry/service.go 
@@ -13,14 +13,14 @@ import ( func SetupRelayService(domain, relayContact string) { spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...") - // Ensure the data directory exists and set ownership + // Ensure the data directory exists and set permissions spinner.UpdateText("Creating data directory...") directories.CreateDirectory(DataDirPath, 0755) // Use chown command to set ownership of the data directory to the nostr user directories.SetOwnerAndGroup(relays.User, relays.User, DataDirPath) - // Ensure the config directory exists and set ownership + // Ensure the config directory exists and set permissions spinner.UpdateText("Creating config directory...") directories.CreateDirectory(ConfigDirPath, 0755) @@ -48,6 +48,9 @@ func SetupRelayService(domain, relayContact string) { // Copy config file to config directory files.CopyFile(TmpConfigFilePath, ConfigDirPath) + // Set permissions for the config file + files.SetPermissions(ConfigFilePath, 0644) + // Use chown command to set ownership of the config file to the nostr user files.SetOwnerAndGroup(relays.User, relays.User, ConfigFilePath) diff --git a/pkg/relays/strfry29/constants.go b/pkg/relays/strfry29/constants.go index d095367..c979a9a 100644 --- a/pkg/relays/strfry29/constants.go +++ b/pkg/relays/strfry29/constants.go 
@@ -2,11 +2,11 @@ package strfry29
 const GitRepoBranch = "v0.4.0"
 const GitRepoURL = "https://github.com/fiatjaf/relay29.git"
-const GitRepoTmpDir = "/tmp/relay29"
+const GitRepoTmpDirPath = "/tmp/relay29"
 const DownloadURL = "https://github.com/nodetec/relays/releases/download/v0.4.0/strfry-1.0.1-x86_64-linux-gnu.tar.gz"
 const BinaryName = "strfry"
 const BinaryFilePath = "/usr/local/bin/strfry"
-const BinaryPluginDownloadURL = "https://github.com/nodetec/relays/releases/download/v0.3.0/relay29-0.4.0-strfry29-x86_64-linux-gnu.tar.gz"
+const BinaryPluginDownloadURL = "https://github.com/nodetec/relays/releases/download/v0.4.0/relay29-0.4.0-strfry29-x86_64-linux-gnu.tar.gz"
 const BinaryPluginName = "strfry29"
 const BinaryPluginFilePath = "/usr/local/bin/strfry29"
 const NginxConfigFilePath = "/etc/nginx/conf.d/strfry29.conf"
@@ -17,7 +17,7 @@ const ConfigFilePath = "/etc/strfry29/strfry.conf"
 const ConfigFileInfoDescription = "This is a strfry instance that only works with NIP-29 groups."
 // TODO
-// Currently, the strfry29 binary expects the strfry.json file to be in the same directory
+// Currently, the strfry29 binary expects the strfry29.json file to be in the same directory
 // Ideally, the location would be /etc/strfry29/strfry29.json
 const PluginFilePath = "/usr/local/bin/strfry29.json"
 const PluginFileTemplate = `{
@@ -34,7 +34,7 @@ const ServiceFilePath = "/etc/systemd/system/strfry29.service"
 // Check working directory
 // WorkingDirectory=/home/nostr
 const ServiceFileTemplate = `[Unit]
-Description=strfry29 Nostr Relay Service
+Description=strfry29 Relay Service
 After=network.target
 [Service]
diff --git a/pkg/relays/strfry29/install.go b/pkg/relays/strfry29/install.go
index 071beff..c944abb 100644
--- a/pkg/relays/strfry29/install.go
+++ b/pkg/relays/strfry29/install.go
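Review bot: `BinaryPluginDownloadURL` in the `@@ -2,11 +2,11 @@` hunk is bumped to the v0.4.0 release asset with no expected digest beside it, and the `DownloadAndCopyFile` hunk in pkg/utils/files/utils.go shows only a plain `http.Get`. Whether the archive is verified before the binary is installed at `/usr/local/bin/strfry29` is not visible in this patch. Pinning a digest next to each URL, e.g. `const BinaryPluginSHA256 = "SHA256_OF_RELEASE_ARCHIVE_PLACEHOLDER"`, and comparing it after download would tie the install to the exact artifact that was reviewed. The same applies to `DownloadURL` in the context lines.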
@@ -16,10 +16,12 @@ func InstallRelayBinary() {
 spinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay...", RelayName))
 // Check for and remove existing git repository
- directories.RemoveDirectory(GitRepoTmpDir)
+ directories.RemoveDirectory(GitRepoTmpDirPath)
 // Download git repository
- git.Clone(GitRepoBranch, GitRepoURL, GitRepoTmpDir)
+ git.Clone(GitRepoBranch, GitRepoURL, GitRepoTmpDirPath)
+
+ directories.SetPermissions(GitRepoTmpDirPath, 0755)
 // Install
 // Determine the file name from the URL
diff --git a/pkg/relays/strfry29/nginx_http.go b/pkg/relays/strfry29/nginx_http.go
index 264023d..e8c6b14 100644
--- a/pkg/relays/strfry29/nginx_http.go
+++ b/pkg/relays/strfry29/nginx_http.go
@@ -3,6 +3,7 @@ package strfry29
 import (
 "fmt"
 "github.com/nodetec/rwz/pkg/network"
+ "github.com/nodetec/rwz/pkg/relays"
 "github.com/nodetec/rwz/pkg/utils/directories"
 "github.com/nodetec/rwz/pkg/utils/files"
 "github.com/nodetec/rwz/pkg/utils/systemd"
@@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) {
 files.RemoveFile(NginxConfigFilePath)
+ directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755)
 directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755)
+ directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName))
 configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade {
 default upgrade;
@@ -84,6 +87,7 @@ server {
 `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
 files.WriteFile(NginxConfigFilePath, configContent, 0644)
+ files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
 systemd.RestartService("nginx")
diff --git a/pkg/relays/strfry29/nginx_https.go b/pkg/relays/strfry29/nginx_https.go
index 764d6ed..63383e1 100644
--- a/pkg/relays/strfry29/nginx_https.go
+++ b/pkg/relays/strfry29/nginx_https.go
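Review bot: `directories.SetPermissions(GitRepoTmpDirPath, 0755)` in the InstallRelayBinary hunk acts on a fixed name under `/tmp` (`/tmp/relay29` per constants.go), and `os.Chmod` follows symlinks, so between `RemoveDirectory`, `git.Clone` and this call the path is not guaranteed to be the directory the installer created. If the installer runs with elevated privileges, which the ownership changes elsewhere in this patch suggest, a shared world-writable parent is the wrong place for that. Creating the working directory with `os.MkdirTemp("", "relay29-")`, which returns a fresh 0700 directory, and deriving the dependent temporary paths from it would remove the dependency on a predictable name. The wot_relay/install.go hunk adds the same call; InstallRelayBinary continues outside the hunk.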
@@ -3,6 +3,7 @@ package strfry29
 import (
 "fmt"
 "github.com/nodetec/rwz/pkg/network"
+ "github.com/nodetec/rwz/pkg/relays"
 "github.com/nodetec/rwz/pkg/utils/files"
 "github.com/nodetec/rwz/pkg/utils/systemd"
 "github.com/pterm/pterm"
@@ -122,6 +123,7 @@ server {
 `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
 files.WriteFile(NginxConfigFilePath, configContent, 0644)
+ files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
 systemd.RestartService("nginx")
diff --git a/pkg/relays/strfry29/service.go b/pkg/relays/strfry29/service.go
index 9e39aae..089f2f6 100644
--- a/pkg/relays/strfry29/service.go
+++ b/pkg/relays/strfry29/service.go
@@ -14,14 +14,14 @@ import (
 func SetupRelayService(domain, relaySecretKey, relayContact string) {
 spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...")
- // Ensure the data directory exists and set ownership
+ // Ensure the data directory exists and set permissions
 spinner.UpdateText("Creating data directory...")
 directories.CreateDirectory(DataDirPath, 0755)
 // Use chown command to set ownership of the data directory to the nostr user
 directories.SetOwnerAndGroup(relays.User, relays.User, DataDirPath)
- // Ensure the config directory exists and set ownership
+ // Ensure the config directory exists and set permissions
 spinner.UpdateText("Creating config directory...")
 directories.CreateDirectory(ConfigDirPath, 0755)
@@ -57,6 +57,9 @@ func SetupRelayService(domain, relaySecretKey, relayContact string) {
 // Copy config file to /etc/strfry29
 files.CopyFile(TmpConfigFilePath, ConfigDirPath)
+ // Set permissions for the config file
+ files.SetPermissions(ConfigFilePath, 0644)
+
 // Use chown command to set ownership of the config file to the nostr user
 files.SetOwnerAndGroup(relays.User, relays.User, ConfigFilePath)
@@ -65,8 +68,8 @@ func SetupRelayService(domain, relaySecretKey, relayContact string) {
 pluginFileParams := plugins.PluginFileParams{Domain: domain, RelaySecretKey: relaySecretKey, ConfigFilePath: ConfigFilePath, BinaryFilePath: BinaryFilePath}
 plugins.CreatePluginFile(PluginFilePath, PluginFileTemplate, &pluginFileParams)
- // Use chown command to set ownership of the strfry29.json file to the nostr user
- files.SetOwnerAndGroup(relays.User, relays.User, PluginFilePath)
+ // Set permissions for the strfry29.json file
+ files.SetPermissions(PluginFilePath, 0600)
 // Create the systemd service file
 spinner.UpdateText("Creating service file...")
diff --git a/pkg/relays/wot_relay/constants.go b/pkg/relays/wot_relay/constants.go
index edb4279..ee63297 100644
--- a/pkg/relays/wot_relay/constants.go
+++ b/pkg/relays/wot_relay/constants.go
@@ -15,7 +15,7 @@ const TmpIndexFilePath = "/tmp/wot-relay/templates/index.html"
 const StaticDirPath = "/etc/wot-relay/templates/static"
 const TmpStaticDirPath = "/tmp/wot-relay/templates/static"
 const ServiceName = "wot-relay"
-const EnvFilePath = "/etc/systemd/system/wot-relay.env"
+const EnvFilePath = "/etc/wot-relay/wot-relay.env"
 const EnvFileTemplate = `RELAY_NAME="WoT Relay"
 RELAY_PUBKEY="{{.PubKey}}"
 RELAY_DESCRIPTION="Stores only notes in your WoT"
diff --git a/pkg/relays/wot_relay/install.go b/pkg/relays/wot_relay/install.go
index ce954d1..ca0277b 100644
--- a/pkg/relays/wot_relay/install.go
+++ b/pkg/relays/wot_relay/install.go
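Review bot: In the `@@ -65,8 +68,8 @@` hunk the 0600 mode is applied only after `plugins.CreatePluginFile` has written `RelaySecretKey` into `PluginFilePath`. If that helper creates the file with `os.Create`, as `CreateEnvFile` in this patch does, the key sits in a file whose mode is governed by the umask until the chmod runs, and a file that already exists keeps its old mode while it is rewritten. Opening it inside the helper with `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` closes that window. Separately, with the chown removed the file stays owned by the installing account, so it is worth confirming that the strfry29 plugin can still read it if it runs as `relays.User`. SetupRelayService continues outside the hunk.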
@@ -21,6 +21,8 @@ func InstallRelayBinary(pubKey string) {
 // Download git repository
 git.Clone(GitRepoBranch, GitRepoURL, GitRepoTmpDirPath)
+ directories.SetPermissions(GitRepoTmpDirPath, 0755)
+
 // Determine the file name from the URL
 tmpFileName := filepath.Base(DownloadURL)
diff --git a/pkg/relays/wot_relay/nginx_http.go b/pkg/relays/wot_relay/nginx_http.go
index db126e8..29557d5 100644
--- a/pkg/relays/wot_relay/nginx_http.go
+++ b/pkg/relays/wot_relay/nginx_http.go
@@ -3,6 +3,7 @@ package wot_relay
 import (
 "fmt"
 "github.com/nodetec/rwz/pkg/network"
+ "github.com/nodetec/rwz/pkg/relays"
 "github.com/nodetec/rwz/pkg/utils/directories"
 "github.com/nodetec/rwz/pkg/utils/files"
 "github.com/nodetec/rwz/pkg/utils/systemd"
@@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) {
 files.RemoveFile(NginxConfigFilePath)
+ directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755)
 directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755)
+ directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName))
 configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade {
 default upgrade;
@@ -84,6 +87,7 @@ server {
 `, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)
 files.WriteFile(NginxConfigFilePath, configContent, 0644)
+ files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
 systemd.RestartService("nginx")
diff --git a/pkg/relays/wot_relay/nginx_https.go b/pkg/relays/wot_relay/nginx_https.go
index 13f095c..31b6568 100644
--- a/pkg/relays/wot_relay/nginx_https.go
+++ b/pkg/relays/wot_relay/nginx_https.go
@@ -3,6 +3,7 @@ package wot_relay
 import (
 "fmt"
 "github.com/nodetec/rwz/pkg/network"
+ "github.com/nodetec/rwz/pkg/relays"
 "github.com/nodetec/rwz/pkg/utils/files"
 "github.com/nodetec/rwz/pkg/utils/systemd"
 "github.com/pterm/pterm"
@@ -122,6 +123,7 @@ server {
 `, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)
 files.WriteFile(NginxConfigFilePath, configContent, 0644)
+ files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)
 systemd.RestartService("nginx")
diff --git a/pkg/relays/wot_relay/service.go b/pkg/relays/wot_relay/service.go
index 2a46756..b7a6fa0 100644
--- a/pkg/relays/wot_relay/service.go
+++ b/pkg/relays/wot_relay/service.go
@@ -3,6 +3,7 @@ package wot_relay
 import (
 "fmt"
 "github.com/nodetec/rwz/pkg/relays"
+ "github.com/nodetec/rwz/pkg/utils/configuration"
 "github.com/nodetec/rwz/pkg/utils/directories"
 "github.com/nodetec/rwz/pkg/utils/files"
 "github.com/nodetec/rwz/pkg/utils/systemd"
@@ -13,7 +14,7 @@ import (
 func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) {
 spinner, _ := pterm.DefaultSpinner.Start("Configuring relay service...")
- // Ensure the data directory exists and set ownership
+ // Ensure the data directory exists and set permissions
 spinner.UpdateText("Creating data directory...")
 directories.CreateDirectory(DataDirPath, 0755)
 directories.CreateDirectory(fmt.Sprintf("%s/db", DataDirPath), 0755)
@@ -38,6 +39,9 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) {
 // Copy the index.html file to templates directory
 files.CopyFile(TmpIndexFilePath, TemplatesDirPath)
+ // Set permissions for the index.html file
+ files.SetPermissions(IndexFilePath, 0644)
+
 // Use chown command to set ownership of the index.html file to the nostr user
 files.SetOwnerAndGroup(relays.User, relays.User, IndexFilePath)
@@ -48,6 +52,9 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) {
 // Copy the static directory and all of its content to the templates directory
 directories.CopyDirectory(TmpStaticDirPath, TemplatesDirPath)
+ // Set permissions for the static directory
+ directories.SetPermissions(StaticDirPath, 0755)
+
 // Use chown command to set ownership of the static directory and its content to the nostr user
 directories.SetOwnerAndGroup(relays.User, relays.User, StaticDirPath)
@@ -59,8 +66,14 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) {
 // Create the environment file
 spinner.UpdateText("Creating environment file...")
- envFileParams := systemd.EnvFileParams{Domain: domain, HTTPSEnabled: httpsEnabled, PubKey: pubKey, RelayContact: relayContact}
- systemd.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams)
+ envFileParams := configuration.EnvFileParams{Domain: domain, HTTPSEnabled: httpsEnabled, PubKey: pubKey, RelayContact: relayContact}
+ configuration.CreateEnvFile(EnvFilePath, EnvFileTemplate, &envFileParams)
+
+ // Set permissions for the environment file
+ files.SetPermissions(EnvFilePath, 0644)
+
+ // Use chown command to set ownership of the environment file to the nostr user
+ files.SetOwnerAndGroup(relays.User, relays.User, EnvFilePath)
 // Create the systemd service file
 spinner.UpdateText("Creating service file...")
diff --git a/pkg/utils/configuration/utils.go b/pkg/utils/configuration/utils.go
new file mode 100644
index 0000000..eca3811
--- /dev/null
+++ b/pkg/utils/configuration/utils.go
@@ -0,0 +1,43 @@
+package configuration
+
+import (
+ "fmt"
+ "github.com/nodetec/rwz/pkg/utils/network"
+ "github.com/pterm/pterm"
+ "os"
+ "text/template"
+)
+
+type EnvFileParams struct {
+ Domain string
+ HTTPSEnabled bool
+ PrivKey string
+ PubKey string
+ RelayContact string
+}
+
+func CreateEnvFile(envFilePath, envTemplate string, envFileParams *EnvFileParams) {
+ envFile, err := os.Create(envFilePath)
+ if err != nil {
+ pterm.Println()
+ pterm.Error.Println(fmt.Sprintf("Failed to create environment file: %v", err))
+ os.Exit(1)
+ }
+ defer envFile.Close()
+
+ envTmpl, err := template.New("env").Parse(envTemplate)
+ if err != nil {
+ pterm.Println()
+ pterm.Error.Println(fmt.Sprintf("Failed to parse environment template: %v", err))
+ os.Exit(1)
+ }
+
+ WSScheme := network.WSEnabled(envFileParams.HTTPSEnabled)
+
+ err = envTmpl.Execute(envFile, struct{ Domain, WSScheme, PrivKey, PubKey, RelayContact string }{Domain: envFileParams.Domain, WSScheme: WSScheme, PrivKey: envFileParams.PrivKey, PubKey: envFileParams.PubKey, RelayContact: envFileParams.RelayContact})
+ if err != nil {
+ pterm.Println()
+ pterm.Error.Println(fmt.Sprintf("Failed to execute environment template: %v", err))
+ os.Exit(1)
+ }
+}
diff --git a/pkg/utils/directories/utils.go b/pkg/utils/directories/utils.go
index 5c2aae9..f9bdb25 100644
--- a/pkg/utils/directories/utils.go
+++ b/pkg/utils/directories/utils.go
@@ -10,7 +10,13 @@ import (
 type FileMode = fs.FileMode
-// Function to remove directory
+// Function to check if a directory exists
+func DirExists(dirPath string) bool {
+ info, err := os.Stat(dirPath)
+ return !os.IsNotExist(err) && info.IsDir()
+}
+
+// Function to remove directory and its content
 func RemoveDirectory(path string) {
 err := os.RemoveAll(path)
 if err != nil && !os.IsNotExist(err) {
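Review bot: `CreateEnvFile` in the new configuration/utils.go opens the target with `os.Create`, i.e. mode 0666 before umask, although `EnvFileParams` carries `PrivKey`; any caller that renders a private key depends on a later `files.SetPermissions` to restrict the file, and a file that already exists keeps its previous mode while it is rewritten. Opening with `envFile, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` and then calling `envFile.Chmod(0600)` keeps the content private from the first byte, and callers can still widen the mode afterwards. The `os.Exit(1)` paths that follow `defer envFile.Close()` also skip the deferred close, and the error from `Close` is never checked.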
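Review bot: `DirExists` in the directories/utils.go hunk dereferences `info` whenever the error is anything other than not-exist, so a failure such as permission denied makes `os.Stat` return a nil `FileInfo` and `info.IsDir()` panics. `return err == nil && info.IsDir()` covers every failure case. A doc comment in Go form, `// DirExists reports whether dirPath exists and is a directory.`, would also suit the new exported function.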
@@ -20,7 +26,7 @@ func RemoveDirectory(path string) {
 }
 }
-// Function to ensure directory and path to directory exists and sets permissions
+// Function to ensure directory and path to directory exists and sets permissions if created
 func CreateDirectory(path string, permissions FileMode) {
 err := os.MkdirAll(path, permissions)
 if err != nil {
@@ -40,6 +46,16 @@ func CopyDirectory(dirToCopyPath, destDirPath string) {
 }
 }
+// Function to set permissions of a directory
+func SetPermissions(path string, mode FileMode) {
+ err := os.Chmod(path, mode)
+ if err != nil {
+ pterm.Println()
+ pterm.Error.Println(fmt.Sprintf("Failed to set %s directory permissions: %v", path, err))
+ os.Exit(1)
+ }
+}
+
 // Function to set owner and group of a directory
 func SetOwnerAndGroup(owner, group, dir string) {
 err := exec.Command("chown", "-R", fmt.Sprintf("%s:%s", owner, group), dir).Run()
diff --git a/pkg/utils/files/utils.go b/pkg/utils/files/utils.go
index 7814978..bf9d1fe 100644
--- a/pkg/utils/files/utils.go
+++ b/pkg/utils/files/utils.go
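Review bot: The comment on the new `directories.SetPermissions` in the `@@ -40,6 +46,16 @@` hunk does not say that it changes only the named directory, while its neighbour `SetOwnerAndGroup` runs `chown -R`. Callers such as the wot_relay static-directory step pair the two, so files copied below the directory keep whatever mode they arrived with. I would state that in the doc comment, e.g. `// SetPermissions sets the mode of the directory at path only; it does not recurse, and os.Chmod follows symlinks.` If recursive enforcement is intended, a `filepath.WalkDir` based variant is needed.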
@@ -40,22 +40,22 @@ func CopyFile(fileToCopy, destDir string) {
 }
 }
-// Function to set owner and group of a file
-func SetOwnerAndGroup(owner, group, file string) {
- err := exec.Command("chown", fmt.Sprintf("%s:%s", owner, group), file).Run()
+// Function to set permissions of a file
+func SetPermissions(path string, mode FileMode) {
+ err := os.Chmod(path, mode)
 if err != nil {
 pterm.Println()
- pterm.Error.Println(fmt.Sprintf("Failed to set ownership of %s file: %v", file, err))
+ pterm.Error.Println(fmt.Sprintf("Failed to set %s file permissions: %v", path, err))
 os.Exit(1)
 }
 }
-// Function to set permissions of a file
-func SetPermissions(path string, mode FileMode) {
- err := os.Chmod(path, mode)
+// Function to set owner and group of a file
+func SetOwnerAndGroup(owner, group, file string) {
+ err := exec.Command("chown", fmt.Sprintf("%s:%s", owner, group), file).Run()
 if err != nil {
 pterm.Println()
- pterm.Error.Println(fmt.Sprintf("Failed to set %s file permissions: %v", path, err))
+ pterm.Error.Println(fmt.Sprintf("Failed to set ownership of %s file: %v", file, err))
 os.Exit(1)
 }
 }
@@ -113,6 +113,8 @@ func DownloadAndCopyFile(tmpFilePath, downloadURL string) {
 }
 defer out.Close()
+ SetPermissions(tmpFilePath, 0644)
+
 // Download the file
 resp, err := http.Get(downloadURL)
 if err != nil {
diff --git a/pkg/utils/systemd/utils.go b/pkg/utils/systemd/utils.go
index b913571..fad2ebc 100644
--- a/pkg/utils/systemd/utils.go
+++ b/pkg/utils/systemd/utils.go
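Review bot: The added `SetPermissions(tmpFilePath, 0644)` in the DownloadAndCopyFile hunk changes the mode by path after the file is already open, so it acts on whatever `tmpFilePath` names at that moment rather than on the handle `out` that was just created. `out.Chmod(0644)`, with its error checked, applies the mode to the open descriptor and needs no second path lookup. The visible `http.Get(downloadURL)` also uses the default client, which has no timeout, so a dedicated `http.Client` with `Timeout` set is worth considering. The function starts and continues outside the hunk.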
@@ -2,53 +2,18 @@ package systemd
 import (
 "fmt"
- "github.com/nodetec/rwz/pkg/utils/network"
 "github.com/pterm/pterm"
 "os"
 "os/exec"
 "text/template"
 )
-type EnvFileParams struct {
- Domain string
- HTTPSEnabled bool
- PrivKey string
- PubKey string
- RelayContact string
-}
-
 type ServiceFileParams struct {
 EnvFilePath string
 BinaryFilePath string
 ConfigFilePath string
 }
-func CreateEnvFile(envFilePath, envTemplate string, envFileParams *EnvFileParams) {
- envFile, err := os.Create(envFilePath)
- if err != nil {
- pterm.Println()
- pterm.Error.Println(fmt.Sprintf("Failed to create environment file: %v", err))
- os.Exit(1)
- }
- defer envFile.Close()
-
- envTmpl, err := template.New("env").Parse(envTemplate)
- if err != nil {
- pterm.Println()
- pterm.Error.Println(fmt.Sprintf("Failed to parse environment template: %v", err))
- os.Exit(1)
- }
-
- WSScheme := network.WSEnabled(envFileParams.HTTPSEnabled)
-
- err = envTmpl.Execute(envFile, struct{ Domain, WSScheme, PrivKey, PubKey, RelayContact string }{Domain: envFileParams.Domain, WSScheme: WSScheme, PrivKey: envFileParams.PrivKey, PubKey: envFileParams.PubKey, RelayContact: envFileParams.RelayContact})
- if err != nil {
- pterm.Println()
- pterm.Error.Println(fmt.Sprintf("Failed to execute environment template: %v", err))
- os.Exit(1)
- }
-}
-
 func CreateServiceFile(serviceFilePath, serviceTemplate string, serviceFileParams *ServiceFileParams) {
 serviceFile, err := os.Create(serviceFilePath)
 if err != nil {