mirror of https://github.com/pi-hole/pi-hole
Add native systemd service (#4924)
commit
ff5ee29566
@ -0,0 +1,13 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
# Source utils.sh for getFTLPIDFile()
|
||||||
|
PI_HOLE_SCRIPT_DIR='/opt/pihole'
|
||||||
|
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
|
||||||
|
# shellcheck disable=SC1090
|
||||||
|
. "${utilsfile}"
|
||||||
|
|
||||||
|
# Get file paths
|
||||||
|
FTL_PID_FILE="$(getFTLPIDFile)"
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}"
|
@ -0,0 +1,38 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
# Source utils.sh for getFTLPIDFile()
|
||||||
|
PI_HOLE_SCRIPT_DIR='/opt/pihole'
|
||||||
|
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
|
||||||
|
# shellcheck disable=SC1090
|
||||||
|
. "${utilsfile}"
|
||||||
|
|
||||||
|
# Get file paths
|
||||||
|
FTL_PID_FILE="$(getFTLPIDFile)"
|
||||||
|
|
||||||
|
# Touch files to ensure they exist (create if non-existing, preserve if existing)
|
||||||
|
# shellcheck disable=SC2174
|
||||||
|
mkdir -pm 0755 /run/pihole /var/log/pihole
|
||||||
|
[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
|
||||||
|
[ -f /var/log/pihole/FTL.log ] || install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
|
||||||
|
[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
||||||
|
[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
|
||||||
|
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
||||||
|
chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
|
||||||
|
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
|
||||||
|
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
|
||||||
|
chmod -f 0640 /var/log/pihole/pihole.log
|
||||||
|
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
|
||||||
|
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
|
||||||
|
# Chmod database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
|
||||||
|
chmod -f 0664 /etc/pihole/pihole-FTL.db
|
||||||
|
|
||||||
|
# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole
|
||||||
|
# Should be removed with Pi-hole v6.0
|
||||||
|
if [ ! -f /var/log/pihole.log ]; then
|
||||||
|
ln -sf /var/log/pihole/pihole.log /var/log/pihole.log
|
||||||
|
chown -h pihole:pihole /var/log/pihole.log
|
||||||
|
fi
|
||||||
|
if [ ! -f /var/log/pihole-FTL.log ]; then
|
||||||
|
ln -sf /var/log/pihole/FTL.log /var/log/pihole-FTL.log
|
||||||
|
chown -h pihole:pihole /var/log/pihole-FTL.log
|
||||||
|
fi
|
@ -0,0 +1,41 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Pi-hole FTL
|
||||||
|
# This unit is supposed to indicate when network functionality is available, but it is only
|
||||||
|
# very weakly defined what that is supposed to mean, with one exception: at shutdown, a unit
|
||||||
|
# that is ordered after network-online.target will be stopped before the network
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
# A target that should be used as synchronization point for all host/network name service lookups.
|
||||||
|
# All services for which the availability of full host/network name resolution is essential should
|
||||||
|
# be ordered after this target, but not pull it in.
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
Before=nss-lookup.target
|
||||||
|
|
||||||
|
# Limit (re)start loop to 5 within 1 minute
|
||||||
|
StartLimitBurst=5
|
||||||
|
StartLimitIntervalSec=60s
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=pihole
|
||||||
|
PermissionsStartOnly=true
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
|
||||||
|
|
||||||
|
ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
|
||||||
|
ExecStart=/usr/bin/pihole-FTL -f
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5s
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
|
||||||
|
|
||||||
|
# Use graceful shutdown with a reasonable timeout
|
||||||
|
TimeoutStopSec=10s
|
||||||
|
|
||||||
|
# Make /usr, /boot, /etc and possibly some more folders read-only...
|
||||||
|
ProtectSystem=full
|
||||||
|
# ... except /etc/pihole
|
||||||
|
# This merely retains r/w access rights, it does not add any new.
|
||||||
|
# Must still be writable on the host!
|
||||||
|
ReadWriteDirectories=/etc/pihole
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Reference in new issue