Use default Tor instead of instances
parent
1a771c5c4c
commit
8d42174d35
|
@ -1 +1,2 @@
|
|||
php-niver ALL= NOPASSWD: /usr/bin/systemctl reload nginx,/usr/bin/systemctl reload tor,/usr/bin/systemctl reload tor@niver,/usr/bin/chgrp ^sftpgo /srv/ht/[a-z]{1,128}$,/usr/bin/cat ^/var/lib/tor-instances/niver/keys/[a-z]{1,128}/hostname$
|
||||
php-niver ALL= NOPASSWD: /usr/bin/systemctl reload nginx,/usr/bin/systemctl reload tor,/usr/bin/chgrp ^sftpgo /srv/ht/[a-z]{1,128}$
|
||||
php-niver ALL=(tor) NOPASSWD: /usr/bin/cat ^/var/lib/tor/keys/[a-z]{1,128}/hostname$
|
||||
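Review bot: The `chgrp` rule kept on the first line still runs as root, and `chgrp` dereferences symbolic links by default, so the regex constrains the path name but not the object whose group is actually changed. The install script on this page makes `/srv/ht` writable by php-niver and group sftpgo (`chmod -R u=rwX,g=rwX,o=rX /srv/ht`), so the entry name matched by `[a-z]{1,128}` is under the control of the less-privileged side. Restricting the rule to `/usr/bin/chgrp ^-h sftpgo /srv/ht/[a-z]{1,128}$` would make it act on the directory entry itself; the PHP caller is not shown here and would have to pass the same `-h`. Running `cat` as `(tor)` instead of root in the second line is the right direction and needs no change.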
|
|
|
@ -29,13 +29,11 @@ chown -R php-niver:sftpgo /srv/ht
|
|||
chmod -R u=rwX,g=rwX,o=rX /srv/ht
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
chown -R php-niver:_tor-niver /etc/tor/instances/niver
|
||||
chown -R _tor-niver:_tor-niver /var/lib/tor-instances/niver
|
||||
chown -R php-niver:debian-tor /etc/tor
|
||||
else
|
||||
chown -R php-niver:tor /etc/tor/instances/niver
|
||||
chown -R tor:tor /var/lib/tor-instances/niver
|
||||
chown -R php-niver:tor /etc/tor
|
||||
fi
|
||||
chmod -R u=rwX,g=rX,o= /etc/tor/instances/niver
|
||||
chmod -R u=rwX,g=rX,o= /etc/tor
|
||||
|
||||
chmod u=rX,g=rX,o=rX /srv/php
|
||||
|
||||
|
@ -44,7 +42,7 @@ chmod -R u=rX,g=rX,o= /srv/php/errors
|
|||
|
||||
chown -R php-niver:nginx /srv/php/niver
|
||||
chmod -R u=rX,g=rX,o=X /srv/php/niver
|
||||
chmod -R u=rwX,g=,o= /srv/php/niver/db /srv/php/niver/niver.log
|
||||
chmod -R u=rwX,g=,o= /srv/php/niver/db
|
||||
|
||||
# Load configuration in Knot database
|
||||
sudo -u knot knotc conf-import /etc/knot/knot.conf
|
||||
|
@ -69,22 +67,14 @@ display_errors = On
|
|||
extension = pdo_sqlite
|
||||
EOF
|
||||
|
||||
# Configure Tor properly
|
||||
# Configure Tor
|
||||
|
||||
if [[ $ID = "debian" ]]; then
|
||||
cat >> /etc/tor/instances/niver/torrc << EOF
|
||||
User _tor-niver
|
||||
DataDirectory /var/lib/tor-instances/niver
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [[ $ID = "arch" ]]; then
|
||||
ln -s /etc/tor/instances/niver/torrc /etc/tor/torrc
|
||||
|
||||
cat >> /etc/tor/instances/niver/torrc << EOF
|
||||
User tor
|
||||
DataDirectory /var/lib/tor
|
||||
EOF
|
||||
sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
|
||||
sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/niver
|
||||
sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/niver
|
||||
sed -i 's/tor_service = "tor"/tor_service = "tor@default"/' /srv/php/niver/config.ini
|
||||
sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/php/niver/config.ini
|
||||
fi
|
||||
|
||||
# Start SystemD services at startup
|
||||
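Review bot: The new `chown -R php-niver:tor /etc/tor` (and its `debian-tor` variant) with `chmod -R u=rwX,g=rX,o= /etc/tor` in the first hunk makes the PHP user the owner of the whole default Tor configuration, where it previously owned only the dedicated instance directory. The php-fpm unit override further down the page widens in the same way, from `ReadWritePaths=/etc/tor/instances/niver` to `ReadWritePaths=/etc/tor`. Since php-niver can also reload tor through sudo, a compromise of the PHP application would reach every setting of the system-wide daemon rather than only niver's onion services. Consider keeping `/etc/tor` owned by root and giving php-niver one writable sub-directory that torrc pulls in with `%include <niver-writable-dir>` (placeholder path), with `ReadWritePaths` narrowed to match. Separately, the third hunk rewrites `/etc/sudoers.d/niver` with `sed -i` and never checks the result; a `visudo -cf /etc/sudoers.d/niver` after the last `sed` would catch a broken drop-in, and the unanchored `s/reload tor/reload tor@default/` looks non-idempotent if the script is run twice.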
|
|
|
@ -13,11 +13,6 @@ if [[ $ID = "arch" ]]; then
|
|||
rm /etc/php/php-fpm.d/*
|
||||
fi
|
||||
|
||||
# Create dedicated Tor instance
|
||||
if [[ $ID = "debian" ]]; then
|
||||
tor-instance-create niver
|
||||
fi
|
||||
|
||||
# Generate default self-signed TLS key pair
|
||||
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
[Service]
|
||||
ReadWritePaths=/etc/nginx/ht
|
||||
ReadWritePaths=/etc/tor/instances/niver
|
||||
ReadWritePaths=/etc/tor
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[Service]
|
||||
ReadWritePaths=/var/lib/tor-instances/niver/
|
||||
# To allow reloading service on Arch Linux
|
||||
CapabilityBoundingSet=CAP_KILL
|
||||
|
|