update group creation etc

jaxxstorm · jaxxstorm · commit e46b9ffa1a52 · 2024-12-12T12:04:56.000Z
diff --git a/derper.service b/derper.service
@@ -20,6 +20,8 @@ ProtectKernelTunables=yes
 ProtectKernelModules=yes
 ProtectControlGroups=yes
 AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
 
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
@@ -1,6 +1,16 @@
 #!/bin/sh
+# Reload systemd daemon to account for new/updated service files
 systemctl daemon-reload
+
+# Enable services
 systemctl enable xdpderper.service
 systemctl enable derper.service
+
+# Start services
 systemctl start xdpderper.service
-systemctl start derper.service
+systemctl start derper.service
+
+# setcap
+sudo setcap 'cap_net_bind_service=+ep' /usr/bin/derper
+sudo setcap 'cap_net_bind_service=+ep' /usr/bin/xdpderper
+
diff --git a/scripts/preinstall.sh b/scripts/preinstall.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 getent group xdpderper >/dev/null || groupadd -r xdpderper
-getent passwd xdpderper >/dev/null || useradd -r -g xdpderper -s /sbin/nologin -c "XDPDERP server" xdpderper
+getent passwd xdpderper >/dev/null || useradd -r -g xdpderper -s /bin/bash -c "XDPDERP server" xdpderper
 getent group derper >/dev/null || groupadd -r derper
-getent passwd derper >/dev/null || useradd -r -g derper -s /sbin/nologin -c "DERP server" derper
+getent passwd derper >/dev/null || useradd -r -g derper -s /bin/bash -c "DERP server" derper
