From e1c79837527ace57a8e5e9aaef01a80e2b2ef21c Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri, 14 Dec 2018 14:25:26 +0000
Subject: [PATCH] Update debian package to fix systemd disabling (not good for
 remote systems) and add group yggdrasil for admin socket/conf

---
 contrib/deb/generate.sh           | 24 +++++++++++++++++-------
 contrib/systemd/yggdrasil.service |  3 ++-
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh
index 618f00f..0eb2188 100644
--- a/contrib/deb/generate.sh
+++ b/contrib/deb/generate.sh
@@ -71,29 +71,39 @@ etc/systemd/system/*.service etc/systemd/system
 EOF
 cat > /tmp/$PKGNAME/debian/postinst << EOF
 #!/bin/sh
+
+if ! getent group yggdrasil 2>&1 > /dev/null; then
+  addgroup --system --quiet yggdrasil
+fi
+
 if [ -f /etc/yggdrasil.conf ];
 then
   mkdir -p /var/backups
   echo "Backing up configuration file to /var/backups/yggdrasil.conf.`date +%Y%m%d`"
   cp /etc/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d`
-  echo "Normalising /etc/yggdrasil.conf"
+  echo "Normalising and updating /etc/yggdrasil.conf"
   /usr/bin/yggdrasil -useconffile /var/backups/yggdrasil.conf.`date +%Y%m%d` -normaliseconf > /etc/yggdrasil.conf
-fi
-if command -v systemctl >/dev/null; then
-  systemctl daemon-reload >/dev/null || true
-  if [ -f /etc/systemd/system/multi-user.target.wants/yggdrasil.service ]; then
-    echo "Starting Yggdrasil"
+  chgrp yggdrasil /etc/yggdrasil.conf
+
+  if command -v systemctl >/dev/null; then
+    systemctl daemon-reload >/dev/null || true
+    systemctl enable yggdrasil || true
     systemctl start yggdrasil || true
   fi
+else
+  echo "Generating initial configuration file /etc/yggdrasil.conf"
+  echo "Please familiarise yourself with this file before starting Yggdrasil"
+  /usr/bin/yggdrasil -genconf > /etc/yggdrasil.conf
+  chgrp yggdrasil /etc/yggdrasil.conf
 fi
 EOF
 cat > /tmp/$PKGNAME/debian/prerm << EOF
 #!/bin/sh
 if command -v systemctl >/dev/null; then
   if systemctl is-active --quiet yggdrasil; then
-    echo "Stopping Yggdrasil"
     systemctl stop yggdrasil || true
   fi
+  systemctl disable yggdrasil || true
 fi
 EOF
 
diff --git a/contrib/systemd/yggdrasil.service b/contrib/systemd/yggdrasil.service
index 9ae4a07..1b6f1f0 100644
--- a/contrib/systemd/yggdrasil.service
+++ b/contrib/systemd/yggdrasil.service
@@ -4,6 +4,7 @@ Wants=network.target
 After=network.target
 
 [Service]
+Group=yggdrasil
 ProtectHome=true
 ProtectSystem=true
 SyslogIdentifier=yggdrasil
@@ -12,7 +13,7 @@ ExecStartPre=/bin/sh -ec "if ! test -s /etc/yggdrasil.conf; \
                 yggdrasil -genconf > /etc/yggdrasil.conf; \
                 echo 'WARNING: A new /etc/yggdrasil.conf file has been generated.'; \
             fi"
-ExecStart=/bin/sh -c "exec yggdrasil -useconf < /etc/yggdrasil.conf"
+ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil.conf
 Restart=always
 
 [Install]