-rw-r--r--modules/teleterm/files/teleterm.service2
-rw-r--r--modules/teleterm/manifests/init.pp12
-rw-r--r--modules/tozt/manifests/teleterm.pp10
-rw-r--r--modules/tozt/templates/teleterm.toml4
4 files changed, 25 insertions, 3 deletions
diff --git a/modules/teleterm/files/teleterm.service b/modules/teleterm/files/teleterm.service
index 395da76..dad7c42 100644
--- a/modules/teleterm/files/teleterm.service
+++ b/modules/teleterm/files/teleterm.service
@@ -3,7 +3,7 @@ Description = runs teleterm
After=network.target
[Service]
-ExecStart=/usr/bin/tt server
+ExecStart=/usr/bin/env -u HOME /usr/bin/tt server
Restart=always
[Install]
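Review bot: The new `ExecStart` line strips `HOME` without saying why, and the unit has no other place that records the reason. Presumably `tt` derives its data directory from `HOME` and should fall back to `/var/lib/teleterm`; a comment such as `# HOME unset so tt uses its system data directory instead of root's home` above the line would make that explicit, worded to match what `tt` actually does. If the deployed systemd supports it, `UnsetEnvironment=HOME` does the same thing without the `/usr/bin/env` wrapper. The `[Service]` section shown has no `User=`, so the process starts as root and the privilege drop depends entirely on the `uid`/`gid` keys in teleterm.toml. That dependency is worth stating in the unit, and sandboxing such as `ProtectHome=yes` would limit what the root-phase code can reach.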
diff --git a/modules/teleterm/manifests/init.pp b/modules/teleterm/manifests/init.pp
index f9c2303..9d4ce1d 100644
--- a/modules/teleterm/manifests/init.pp
+++ b/modules/teleterm/manifests/init.pp
@@ -1,6 +1,16 @@
class teleterm($source) {
include systemd
+ group { "teleterm":
+ ensure => present;
+ }
+ user { "teleterm":
+ ensure => present,
+ gid => "teleterm",
+ system => true,
+ require => Group["teleterm"];
+ }
+
package { "teleterm":
ensure => installed,
source => $source,
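Review bot: The new `user { "teleterm": }` resource sets `system => true` but no `shell`, so the account gets whatever default shell the platform's user-creation tool assigns. For an account that exists only as a privilege-drop target, pin it to the distribution's nologin path, for example `shell => "/usr/bin/nologin",`. The `group { "teleterm": }` resource also lacks `system => true`, so the group may be allocated from the regular GID range while the user is a system account. Adding `system => true` to the group keeps the two consistent.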
@@ -19,6 +29,8 @@ class teleterm($source) {
require => [
File["/etc/systemd/system/teleterm.service"],
Exec["/usr/bin/systemctl daemon-reload"],
+ User["teleterm"],
+ Group["teleterm"],
];
}
}
diff --git a/modules/tozt/manifests/teleterm.pp b/modules/tozt/manifests/teleterm.pp
index 71cf3e6..17e15b8 100644
--- a/modules/tozt/manifests/teleterm.pp
+++ b/modules/tozt/manifests/teleterm.pp
@@ -17,5 +17,15 @@ class tozt::teleterm {
content => template("tozt/teleterm.toml"),
require => File["/etc/teleterm"],
notify => Service["teleterm"];
+ "/var/lib/teleterm":
+ ensure => directory,
+ owner => "teleterm",
+ group => "teleterm",
+ mode => "0700",
+ require => [
+ User["teleterm"],
+ Group["teleterm"],
+ ],
+ before => Service["teleterm"];
}
}
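Review bot: The `/var/lib/teleterm` directory is declared here in the site-specific `tozt::teleterm` class, while the account that owns it and the service that needs it live in the `teleterm` module. As far as the visible hunks show, any other consumer of `class teleterm` would get a service with `HOME` unset and no state directory. Moving this resource into modules/teleterm/manifests/init.pp next to the `user` and `group` resources would keep the module self-contained. The `0700` mode with `owner`/`group` set to `teleterm` is the right restriction. A one-line comment such as `# state directory for the tt server; private to the teleterm account` would record the intent. The class body starts outside this hunk, so whether `teleterm` is included before `User["teleterm"]` is referenced cannot be checked from here.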
diff --git a/modules/tozt/templates/teleterm.toml b/modules/tozt/templates/teleterm.toml
index 4524814..f651e52 100644
--- a/modules/tozt/templates/teleterm.toml
+++ b/modules/tozt/templates/teleterm.toml
@@ -2,8 +2,8 @@
listen_address = "0.0.0.0:4144"
allowed_login_methods = ["recurse_center"]
tls_identity_file = "/media/persistent/certbot/live/tozt.net/identity.pfx"
-uid = "nobody"
-gid = "nobody"
+uid = "teleterm"
+gid = "teleterm"
[oauth.recurse_center]
client_id = "<%= @client_id %>"
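Review bot: The new `uid = "teleterm"` and `gid = "teleterm"` values must match the account created in modules/teleterm/manifests/init.pp, but nothing in the template says so. A rename on either side would only surface as a failure when the service starts. A comment above the two keys would document the coupling, for example `# dedicated account created by the teleterm Puppet class; owns /var/lib/teleterm`. It would also record why `nobody`, which is commonly shared by unrelated processes, is no longer used. Because the unit starts the server as root, it is worth confirming that `tt` treats a failed drop to this uid/gid as fatal rather than continuing with root privileges.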