Write systemd unit file for pihole-FTL, delete old init.d file

Signed-off-by: DL6ER <dl6er@dl6er.de>

advanced/pihole-FTL-prestart.sh

@@ -0,0 +1,10 @@
+/bin/touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+/bin/mkdir -p /var/run/pihole /var/log/pihole
+/bin/chown pihole:pihole /var/run/pihole /var/log/pihole
+if [ -e "/var/run/pihole/FTL.sock" ]; then
+  /bin/rm /var/run/pihole/FTL.sock
+fi
+/bin/chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
+/bin/chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+#/sbin/setcap "CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip" "/usr/bin/pihole-FTL"
+/bin/echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL

advanced/pihole-FTL.service

@@ -1,89 +1,30 @@
-#!/bin/bash
-### BEGIN INIT INFO
-# Provides:          pihole-FTL
-# Required-Start:    $remote_fs $syslog
-# Required-Stop:     $remote_fs $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: pihole-FTL daemon
-# Description:       Enable service provided by pihole-FTL daemon
-### END INIT INFO
-
-FTLUSER=pihole
-PIDFILE=/var/run/pihole-FTL.pid
-
-get_pid() {
-    pidof "pihole-FTL"
-}
-
-is_running() {
-    ps "$(get_pid)" > /dev/null 2>&1
-}
-
-
-# Start the service
-start() {
-  if is_running; then
-    echo "pihole-FTL is already running"
-  else
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    mkdir -p /var/run/pihole
-    mkdir -p /var/log/pihole
-    chown pihole:pihole /var/run/pihole /var/log/pihole
-    rm /var/run/pihole/FTL.sock 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
-    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
-    echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
-    su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
-    echo
-  fi
-}
-
-# Stop the service
-stop() {
-  if is_running; then
-    /sbin/resolvconf -d lo.piholeFTL
-    kill "$(get_pid)"
-    for i in {1..5}; do
-      if ! is_running; then
-        break
-      fi
-
-      echo -n "."
-      sleep 1
-    done
-    echo
-
-    if is_running; then
-      echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      kill -9 "$(get_pid)"
-      exit 1
-    else
-      echo "Stopped"
-    fi
-  else
-    echo "Not running"
-  fi
-  echo
-}
-
-### main logic ###
-case "$1" in
-  stop)
-        stop
-        ;;
-  status)
-        status pihole-FTL
-        ;;
-  start|restart|reload|condrestart)
-        stop
-        start
-        ;;
-  *)
-        echo $"Usage: $0 {start|stop|restart|reload|status}"
-        exit 1
-esac
-
-exit 0
+[Unit]
+Description=Pi-hole FTLDNS
+After=network.target
+
+[Service]
+Restart=on-abnormal
+User=root
+Group=root
+
+Type=forking
+PIDFile=/run/pihole-FTL.pid
+
+ExecStartPre=/bin/bash /etc/.pihole/advanced/pihole-FTL-prestart.sh
+ExecStart=/bin/su -s /bin/sh -c "/usr/bin/pihole-FTL" "pihole"
+ExecReload=/bin/kill -USR1 $MAINPID
+
+; Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+; Make /usr, /boot, /etc and possibly some more folders read-only...
+ProtectSystem=full
+; ... except /etc/pihole
+; This merely retains r/w access rights, it does not add any new.
+; Must still be writable on the host!
+ReadWriteDirectories=/etc/pihole
+
+[Install]
+WantedBy=multi-user.target