feat: Use override.conf files for systemd unit config

packages/dart/sshnoports/bundles/shell/install.sh

@@ -202,7 +202,10 @@ install_all_binaries() {
 # SYSTEMD #
 
 post_systemd_message() {
-  echo "Systemd unit installed, make sure to configure the unit by editing $dest"
+  echo "Systemd unit installed, make sure to configure the unit by editing"
+  echo "the override.conf using:"
+  echo "  sudo systemctl edit $unit_name"
+  echo ""
   echo "Learn more in $script_dir/systemd/README.md"
   echo ""
   echo "To enable the service on next boot:"
@@ -215,9 +218,14 @@ post_systemd_message() {
 install_systemd_unit() {
   unit_name="$1"
   no_mac
-  mkdir -p "$systemd_dir"
+  mkdir -p "$systemd_dir/$unit_name.d"
   dest="$systemd_dir/$unit_name"
   cp "$script_dir/systemd/$unit_name" "$dest"
+  if [ -f "$dest/$unit_name.d" ]; then
+    echo "systemd config already in place"
+  else
+    cp "$script_dir/systemd/$unit_name.d/override.conf" "$dest/$unit_name.d"
+  fi
   post_systemd_message
 }
 

packages/dart/sshnoports/bundles/shell/systemd/README.md

@@ -1,78 +1,91 @@
-# Systemd Units
-
-This directory contains systemd unit definitions for running various components
-of the SSH No Ports suite.
-
-## sshnpd
-
-### Installation
-
-The `sshnpd.service` file should be placed in `/etc/systemd/system` (as root).
-
-Modify the `sshnpd.service` unit to use the appropriate host and client atSigns,
-(The boilerplate uses @device_atsign @manager_atsign) as well as the devicename.
-Also change the username and make sure that username running sshnpd has the
-.atkeys file in place at '~/.atsign/keys'.
-
-Run the following command to view full usage information of the sshnpd binary:
-```sh
-/usr/local/bin/sshnpd
-```
-
-### Usage
-
-To enable the service:
-
-```sh
-sudo systemctl enable sshnpd.service
-```
-
-The services will then start at the next reboot, or can be started immediately
-with:
-
-```sh
-sudo systemctl start sshnpd.service
-```
-
-To view the realtime logs, use journalctl:
-
-```sh
-sudo journalctl -u sshnpd.service
-```
-
-## srvd
-
-### Installation
-
-The `srvd.service` file should be placed in `/etc/systemd/system` (as root).
-
-Modify the `srvd.service` unit to use the appropriate atSign,
-(The boilerplate uses @atsign) as well as the internet address.
-Also change the username and make sure that username running srvd has the
-.atkeys file in place at '~/.atsign/keys'.
-
-Run the following command to view full usage information of the srvd binary:
-```sh
-/usr/local/bin/srvd
-```
-
-### Usage
-
-To enable the service use:
-
-```sh
-sudo systemctl enable srvd.service
-```
-
-The services will then start at the next reboot, or can be started immediately
-with:
-
-```sh
-sudo systemctl start srvd.service
-```
-
-To view the realtime logs, use journalctl:
-
-```sh
-sudo journalctl -u srvd.service
-```
+# Systemd Units
+
+This directory contains systemd unit definitions for running various
+components of the NoPorts suite.
+
+## sshnpd
+
+### Installation
+
+The `sshnpd.service` file should be placed in `/etc/systemd/system` (as root).
+
+The `sshnpd.service` unit `override.conf` can be modified by running:
+
+```sh
+sudo systemctl edit sshnpd
+```
+
+It should be edited to use the appropriate host and client atSigns, (The
+boilerplate uses @device_atsign @manager_atsign) as well as the devicename.
+Also change the username and make sure that username running sshnpd has the
+.atkeys file in place at '~/.atsign/keys'.
+
+Run the following command to view full usage information of the sshnpd binary:
+```sh
+/usr/local/bin/sshnpd
+```
+
+### Usage
+
+To enable the service:
+
+```sh
+sudo systemctl enable sshnpd
+```
+
+The services will then start at the next reboot, or can be started immediately
+with:
+
+```sh
+sudo systemctl start sshnpd
+```
+
+To view the realtime logs, use journalctl:
+
+```sh
+journalctl -u sshnpd -f
+```
+
+## srvd
+
+### Installation
+
+The `srvd.service` file should be placed in `/etc/systemd/system` (as root).
+
+The `srvd.service` unit `override.conf` can be modified by running:
+
+```sh
+sudo systemctl edit ssrvd
+```
+
+It should be edited to use the appropriate atSign,
+(The boilerplate uses @atsign) as well as the internet address.
+Also change the username and make sure that username running srvd has the
+.atkeys file in place at '~/.atsign/keys'.
+
+Run the following command to view full usage information of the srvd binary:
+
+```sh
+/usr/local/bin/srvd
+```
+
+### Usage
+
+To enable the service use:
+
+```sh
+sudo systemctl enable srvd
+```
+
+The services will then start at the next reboot, or can be started immediately
+with:
+
+```sh
+sudo systemctl start srvd
+```
+
+To view the realtime logs, use journalctl:
+
+```sh
+journalctl -u srvd -f
+```

packages/dart/sshnoports/bundles/shell/systemd/srvd.service

@@ -10,21 +10,6 @@ Type=simple
 Restart=always
 RestartSec=3
 
-# Configuration of srvd service
-# This unit script is a template for the srvd background service.
-# You can configure the service by editing the variables below.
-# This service file covers the common configuration options for srvd.
-# To see all available options, run `srvd` with no arguments.
-
-# MANDATORY: User to run the daemon as
-User=<username>
-
-# MANDATORY: Srvd atSign
-Environment=atsign="@my_rvd"
-
-# MANDATORY: Public FQDN or IP address of the machine running the srvd
-Environment=internet_address=""
-
 # The line below runs the srvd service, with the options set above.
 # You can edit this line to further customize the service to your needs.
-ExecStart=/usr/local/bin/srvd -a "$atsign" -i "$internet_address"
+ExecStart=/usr/local/bin/srvd -a "$atsign" -i "$internet_address" "$additional_args"

packages/dart/sshnoports/bundles/shell/systemd/srvd.service.d/override.conf

@@ -0,0 +1,19 @@
+# Configuration of srvd service
+# This override configuration is a template for the srvd service.
+# You can configure the service by editing the variables below.
+# This ovverride config covers the common configuration options for srvd.
+# To see all available options, run `srvd` with no arguments.
+
+[Service]
+
+# MANDATORY: User to run the daemon as
+User=<username>
+
+# MANDATORY: Srvd atSign
+Environment=atsign="@my_rvd"
+
+# MANDATORY: Public FQDN or IP address of the machine running the srvd
+Environment=internet_address=""
+
+# Any additional command line arguments for srvd
+Environment=additional_args=""

packages/dart/sshnoports/bundles/shell/systemd/sshnpd.service

@@ -2,12 +2,6 @@
 Description=Ssh No Ports Daemon
 After=network-online.target
 
-# Uncomment the following line to make this unit fail if sshd isn't started first
-; Requisite=sshd.service
-
-# Uncomment the following line to make this unit auto-start sshd if it isn't started
-; Requires=sshd.service
-
 [Install]
 WantedBy=multi-user.target
 
@@ -16,36 +10,7 @@ Type=simple
 Restart=always
 RestartSec=3
 
-# Configuration of sshnpd service
-# This unit script is a template for the sshnpd background service.
-# You can configure the service by editing the variables below.
-# This service file covers the common configuration options for sshnpd.
-# To see all available options, run `sshnpd` with no arguments.
-
-# MANDATORY: User to run the daemon as
-User=<username>
-
-# MANDATORY: Manager/client address (atSign)
-Environment=manager_atsign="@example_client"
-
-# MANDATORY: Device address (atSign)
-Environment=device_atsign="@example_device"
-
-# OPTIONAL: Delegated access policy management
-Environment=delegate_policy=""
-
-# Device name
-Environment=device_name="default"
-
-# Comment if you don't want the daemon to update authorized_keys to include public keys sent by authorized manager atSigns
-Environment=s="-s"
-
-# Comment if you don't want the daemon to share various information with the manager atsign - e.g. username, version, etc - without the manager atSign needing to know this daemon's device name
-Environment=u="-u"
-
-# Comment to disable verbose logging
-Environment=v="-v"
-
-# The line below runs the sshnpd service, with the options set above.
-# You can edit this line to further customize the service to your needs.
-ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$delegate_policy" "$s" "$u" "$v"
+# The line below runs the sshnpd service, with the options set in
+# /etc/systemd/system/sshnpd.d/override.conf.
+# You can edit that config with: sudo systemctl edit sshnpd
+ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$delegate_policy" "$s" "$u" "$v" "$additional_args"

packages/dart/sshnoports/bundles/shell/systemd/sshnpd.service.d/override.conf

@@ -0,0 +1,39 @@
+# Configuration of sshnpd service
+# This override configuration is a template for the sshnpd service.
+# You can configure the service by editing the variables below.
+# This service file covers the common configuration options for sshnpd.
+# To see all available options, run `sshnpd` with no arguments.
+
+[Unit]
+
+# Uncomment the following line to make this unit fail if sshd isn't started first
+; Requisite=sshd.service
+
+# Uncomment the following line to make this unit auto-start sshd if it isn't started
+; Requires=sshd.service
+
+[Service]
+
+# MANDATORY: User to run the daemon as
+User=<username>
+
+# MANDATORY: Manager (client) or policy manager address (atSign)
+Environment=manager_atsign="@example_client"
+
+# MANDATORY: Device address (atSign)
+Environment=device_atsign="@example_device"
+
+# OPTIONAL: Delegated access policy management
+Environment=delegate_policy=""
+
+# Device name
+Environment=device_name="default"
+
+# Comment if you don't want the daemon to update authorized_keys to include public keys sent by authorized manager atSigns
+Environment=s="-s"
+
+# Comment to disable verbose logging
+Environment=v="-v"
+
+# Any additional command line arguments for sshnpd
+Environment=additional_args=""

packages/dart/sshnoports/bundles/universal.sh

@@ -900,20 +900,24 @@ device() {
       echo "sshnpd installed with launchd"
       ;;
     systemd)
-      systemd_service="/etc/systemd/system/sshnpd.service"
-      write_systemd_user "$systemd_service" "$user"
-      write_systemd_environment "$systemd_service" "manager_atsign" "$(norm_atsign "$client_atsign")"
-      write_systemd_environment "$systemd_service" "device_atsign" "$(norm_atsign "$device_atsign")"
-      if [ -n "$policy_atsign" ]; then
-        write_systemd_environment "$systemd_service" "delegate_policy" "-p $(norm_atsign "$policy_atsign")"
+      systemd_config="/etc/systemd/system/sshnpd.service.d/override.conf"
+      if [ -f "$systemd_config" ]; then
+        echo "systemd config for sshnpd service already in place"
+      else
+        write_systemd_user "$systemd_config" "$user"
+        write_systemd_environment "$systemd_config" "manager_atsign" "$(norm_atsign "$client_atsign")"
+        write_systemd_environment "$systemd_config" "device_atsign" "$(norm_atsign "$device_atsign")"
+        if [ -n "$policy_atsign" ]; then
+          write_systemd_environment "$systemd_config" "delegate_policy" "-p $(norm_atsign "$policy_atsign")"
+        fi
+        write_systemd_environment "$systemd_config" "device_name" "$device_name"
       fi
-      write_systemd_environment "$systemd_service" "device_name" "$device_name"
 
       systemctl enable sshnpd
       systemctl restart sshnpd
 
       echo "sshnpd installed with systemd. To see logs use:"
-      echo "journalctl -u sshnpd.service -f"
+      echo "  journalctl -u sshnpd -f"
       ;;
     tmux | headless)
       shell_script="$bin_path"/sshnpd.sh