sudoers and fixes

This commit is contained in:
Mateusz Gruszczyński
2025-10-24 07:23:17 +02:00
parent 34c4aa2577
commit 222cf50e91


@@ -418,6 +418,14 @@ def ensure_user_and_dirs():
run(["chown","-R","npm:npm","/opt/npm","/data"]) run(["chown","-R","npm:npm","/opt/npm","/data"])
ensure_angie_runtime_perms() ensure_angie_runtime_perms()
def create_sudoers_for_npm():
with step("Configuring sudoers for npm -> angie"):
content = """User_Alias NPMUSERS = npm
NPMUSERS ALL=(root) NOPASSWD: /usr/sbin/angie
"""
path = Path("/etc/sudoers.d/npm")
write_file(path, content, 0o440)
run(["bash","-lc", f"command -v visudo >/dev/null 2>&1 && visudo -cf {path} || true"], check=False)
def adjust_nginx_like_paths_in_tree(root: Path): def adjust_nginx_like_paths_in_tree(root: Path):
for p in root.rglob("*.conf"): for p in root.rglob("*.conf"):
@@ -472,8 +480,8 @@ def patch_npm_backend_commands():
txt = p.read_text(encoding="utf-8") txt = p.read_text(encoding="utf-8")
except Exception: except Exception:
continue continue
new = re.sub(r'\\blogrotate\\b', '/usr/local/bin/logrotate-npm', txt) new = re.sub(r'\blogrotate\b', '/usr/local/bin/logrotate-npm', txt)
new = re.sub(r'(?<!/usr/sbin/)\\bnginx\\b', '/usr/sbin/nginx', new) new = re.sub(r'(?<!/usr/sbin/)\bnginx\b', '/usr/sbin/nginx', new)
if new != txt: if new != txt:
p.write_text(new, encoding="utf-8") p.write_text(new, encoding="utf-8")
@@ -619,28 +627,33 @@ exec /usr/sbin/logrotate -s {state_file} "$@"
""" """
write_file(helper, helper_content, 0o755) write_file(helper, helper_content, 0o755)
def create_systemd_units(ipv6_enabled: bool):
def create_systemd_units():
with step("Creating and starting systemd services (angie, npm)"): with step("Creating and starting systemd services (angie, npm)"):
unit = """[Unit] unit_lines = [
Description=Nginx Proxy Manager (backend) "[Unit]",
After=network.target angie.service "Description=Nginx Proxy Manager (backend)",
Wants=angie.service "After=network.target angie.service",
"Wants=angie.service",
[Service] "",
User=npm "[Service]",
Group=npm "User=npm",
WorkingDirectory=/opt/npm "Group=npm",
Environment=DISABLE_IPV6=true "WorkingDirectory=/opt/npm",
Environment=NODE_ENV=production "Environment=NODE_ENV=production",
ExecStart=/usr/bin/node /opt/npm/index.js # Environment=DISABLE_IPV6=true -> dodawane tylko gdy IPv6 NIE jest włączony flagą
Restart=on-failure ]
RestartSec=5 if not ipv6_enabled:
unit_lines.append("Environment=DISABLE_IPV6=true")
[Install] unit_lines += [
WantedBy=multi-user.target "ExecStart=/usr/bin/node /opt/npm/index.js",
""" "Restart=on-failure",
write_file(Path("/etc/systemd/system/npm.service"), unit, 0o644) "RestartSec=5",
"",
"[Install]",
"WantedBy=multi-user.target",
""
]
write_file(Path("/etc/systemd/system/npm.service"), "\n".join(unit_lines), 0o644)
write_file(Path("/etc/systemd/system/angie.service"), ANGIE_UNIT, 0o644) write_file(Path("/etc/systemd/system/angie.service"), ANGIE_UNIT, 0o644)
run(["systemctl","daemon-reload"]) run(["systemctl","daemon-reload"])
@@ -706,7 +719,7 @@ def print_summary(info, ipv6_enabled, dark_enabled, update_mode):
# ========== UPDATE-ONLY ========== # ========== UPDATE-ONLY ==========
def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: bool, dark_env: dict): def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: bool, dark_env: dict, ipv6_enabled: bool):
apt_update_upgrade() apt_update_upgrade()
install_node_and_yarn(node_pkg) install_node_and_yarn(node_pkg)
@@ -747,6 +760,9 @@ def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: boo
os.chdir("/opt/npm") os.chdir("/opt/npm")
run(["yarn", "install"]) run(["yarn", "install"])
patch_npm_backend_commands()
create_systemd_units(ipv6_enabled=ipv6_enabled)
with step("Setting owners"): with step("Setting owners"):
run(["chown","-R","npm:npm","/opt/npm"]) run(["chown","-R","npm:npm","/opt/npm"])
@@ -856,7 +872,8 @@ def main():
TP_COMMUNITY_THEME=args.tp_community_theme, TP_COMMUNITY_THEME=args.tp_community_theme,
TP_SCHEME=args.tp_scheme, TP_SCHEME=args.tp_scheme,
TP_THEME=args.tp_theme, TP_THEME=args.tp_theme,
) ),
ipv6_enabled=args.enable_ipv6,
) )
info = gather_versions(version) info = gather_versions(version)
update_motd(args.motd == "yes", info, ipv6_enabled=args.enable_ipv6) update_motd(args.motd == "yes", info, ipv6_enabled=args.enable_ipv6)
@@ -865,13 +882,15 @@ def main():
apt_update_upgrade() apt_update_upgrade()
apt_purge(["nginx","openresty","nodejs","npm","yarn","certbot","rustc","cargo"]) apt_purge(["nginx","openresty","nodejs","npm","yarn","certbot","rustc","cargo"])
apt_install(["ca-certificates","curl","gnupg","openssl","apache2-utils","logrotate", apt_install(["ca-certificates","curl","gnupg","openssl","apache2-utils","logrotate","sudo",
"python3","python3-venv","sqlite3","build-essential"]) "python3","python3-venv","sqlite3","build-essential"])
setup_angie() setup_angie()
install_certbot_with_dns_plugins() install_certbot_with_dns_plugins()
install_node_and_yarn(args.nodejs_pkg) install_node_and_yarn(args.nodejs_pkg)
ensure_user_and_dirs() ensure_user_and_dirs()
create_sudoers_for_npm()
npm_app_version = deploy_npm_app(args.npm_version) npm_app_version = deploy_npm_app(args.npm_version)
if not args.enable_ipv6: if not args.enable_ipv6:
@@ -886,7 +905,7 @@ def main():
TP_SCHEME=args.tp_scheme, TP_SCHEME=args.tp_scheme,
TP_THEME=args.tp_theme) TP_THEME=args.tp_theme)
create_systemd_units() create_systemd_units(ipv6_enabled=args.enable_ipv6)
ensure_nginx_symlink() ensure_nginx_symlink()
install_logrotate_for_data_logs() install_logrotate_for_data_logs()
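Review bot: In the first hunk, `create_sudoers_for_npm` writes `NPMUSERS ALL=(root) NOPASSWD: /usr/sbin/angie` with no argument restriction and then discards the `visudo -cf` outcome via `|| true` and `check=False`, so the drop-in stays installed even when sudo rejects it, and while valid it lets the npm account run angie as root with any options, which amounts to unrestricted root for that user. Since this commit also adds `sudo` to the apt_install list later in this section, visudo is guaranteed present and the `bash -lc` / `command -v` wrapper can go; validate a staged copy with `run(["visudo", "-cf", str(staged)])` and only rename it into `/etc/sudoers.d/npm` on success. Limit the rule to the argument forms the backend actually invokes (e.g. `-t` and `-s reload` — confirm against the patched backend commands), and since `patch_npm_backend_commands` rewrites the backend to call `/usr/sbin/nginx`, confirm that the path used in the sudo invocation is the one the rule names. The sketch below assumes `run()` raises on a non-zero exit when `check` is not passed, as the explicit `check=False` suggests.
```python
def create_sudoers_for_npm():
    with step("Configuring sudoers for npm -> angie"):
        # Argument-restricted rule; confirm these are the only forms the
        # backend invokes via sudo before relying on it.
        content = """User_Alias NPMUSERS = npm
NPMUSERS ALL=(root) NOPASSWD: /usr/sbin/angie -t, /usr/sbin/angie -s reload
"""
        path = Path("/etc/sudoers.d/npm")
        # sudoers.d ignores file names containing '.', so the staged copy is
        # never parsed by sudo before it has been validated.
        staged = path.with_name("npm.tmp")
        write_file(staged, content, 0o440)
        run(["visudo", "-cf", str(staged)])  # non-zero exit aborts the step
        staged.rename(path)
```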