From 68b66a12b03aa83b1055b0e8ebd5d3ad69f7fff9 Mon Sep 17 00:00:00 2001 From: RubenKelevra Date: Wed, 6 Jul 2022 21:07:10 +0200 Subject: [PATCH 1/3] refactor: rename to kubo - systemd part --- misc/systemd/ipfs-sysusers.conf | 3 -- .../{ipfs-api.socket => kubo-api.socket} | 4 +-- ...pfs-gateway.socket => kubo-gateway.socket} | 4 +-- ...hardened.service => kubo-hardened.service} | 28 +++++++++---------- misc/systemd/kubo-sysusers.conf | 3 ++ misc/systemd/{ipfs.service => kubo.service} | 24 ++++++++-------- 6 files changed, 33 insertions(+), 33 deletions(-) delete mode 100644 misc/systemd/ipfs-sysusers.conf rename misc/systemd/{ipfs-api.socket => kubo-api.socket} (82%) rename misc/systemd/{ipfs-gateway.socket => kubo-gateway.socket} (82%) rename misc/systemd/{ipfs-hardened.service => kubo-hardened.service} (75%) create mode 100644 misc/systemd/kubo-sysusers.conf rename misc/systemd/{ipfs.service => kubo.service} (65%) diff --git a/misc/systemd/ipfs-sysusers.conf b/misc/systemd/ipfs-sysusers.conf deleted file mode 100644 index 9d5d8575623..00000000000 --- a/misc/systemd/ipfs-sysusers.conf +++ /dev/null @@ -1,3 +0,0 @@ -u ipfs - "IPFS daemon" /var/lib/ipfs -g ipfs - -m ipfs ipfs diff --git a/misc/systemd/ipfs-api.socket b/misc/systemd/kubo-api.socket similarity index 82% rename from misc/systemd/ipfs-api.socket rename to misc/systemd/kubo-api.socket index 10dbd675794..84f3dc0dbe9 100644 --- a/misc/systemd/ipfs-api.socket +++ b/misc/systemd/kubo-api.socket @@ -2,10 +2,10 @@ # config. [Unit] -Description=IPFS API Socket +Description=Kubo's API Socket [Socket] -Service=ipfs.service +Service=kubo.service FileDescriptorName=io.ipfs.api BindIPv6Only=true ListenStream=127.0.0.1:5001 diff --git a/misc/systemd/ipfs-gateway.socket b/misc/systemd/kubo-gateway.socket similarity index 82% rename from misc/systemd/ipfs-gateway.socket rename to misc/systemd/kubo-gateway.socket index 5e20bd83a1f..f0c73563829 100644 --- a/misc/systemd/ipfs-gateway.socket +++ b/misc/systemd/kubo-gateway.socket @@ -2,10 +2,10 @@ # your config. [Unit] -Description=IPFS Gateway Socket +Description=Kubo's Gateway Socket [Socket] -Service=ipfs.service +Service=kubo.service FileDescriptorName=io.ipfs.gateway BindIPv6Only=true ListenStream=127.0.0.1:8080 diff --git a/misc/systemd/ipfs-hardened.service b/misc/systemd/kubo-hardened.service similarity index 75% rename from misc/systemd/ipfs-hardened.service rename to misc/systemd/kubo-hardened.service index 261b82e2a06..10cc966fb34 100644 --- a/misc/systemd/ipfs-hardened.service +++ b/misc/systemd/kubo-hardened.service @@ -1,29 +1,29 @@ # This file will be overwritten on package upgrades, avoid customizations here. # # To make persistent changes, create file in -# "/etc/systemd/system/ipfs.service.d/overwrite.conf" with -# `systemctl edit ipfs.service`. This file will be parsed after this +# "/etc/systemd/system/kubo.service.d/overwrite.conf" with +# `systemctl edit kubo.service`. This file will be parsed after this # file has been parsed. # # To overwrite a variable, like ExecStart you have to specify it once # blank and a second time with a new value, like: # ExecStart= -# ExecStart=/usr/bin/ipfs daemon --flag1 --flag2 +# ExecStart=/usr/bin/kubo daemon --flag1 --flag2 # # For more info about custom unit files see systemd.unit(5). -# This service file enables systemd-hardening features compatible with IPFS, +# This service file enables systemd-hardening features compatible with Kubo, # while breaking compatibility with the fuse-mount function. Use this one only # if you don't need the fuse-mount functionality. [Unit] -Description=InterPlanetary File System (IPFS) daemon +Description=Kubo daemon for the InterPlanetary File System (IPFS) Documentation=https://docs.ipfs.tech/ After=network.target [Service] # hardening -ReadWritePaths="/var/lib/ipfs/" +ReadWritePaths="/var/lib/kubo/" NoNewPrivileges=true ProtectSystem=strict ProtectKernelTunables=true @@ -51,26 +51,26 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE # enable for 1-1024 port listening #AmbientCapabilities=CAP_NET_BIND_SERVICE # enable to specify a custom path see docs/environment-variables.md for further documentations -#Environment=IPFS_PATH=/custom/ipfs/path +#Environment=IPFS_PATH=/custom/kubo/path # enable to specify a higher limit for open files/connections #LimitNOFILE=1000000 #don't use swap MemorySwapMax=0 -# Don't timeout on startup. Opening the IPFS repo can take a long time in some cases (e.g., when -# badger is recovering) and migrations can delay startup. +# Don't timeout on startup. Opening the Kubo repo can take a long time in some cases (e.g., when +# badger is recovering). # # Ideally, we'd be a bit smarter about this but there's no good way to do that without hooking -# systemd dependencies deeper into go-ipfs. +# systemd dependencies deeper into Kubo. TimeoutStartSec=infinity Type=notify -User=ipfs -Group=ipfs -StateDirectory=ipfs +User=kubo +Group=kubo +StateDirectory=kubo Environment=IPFS_PATH="${HOME}" -ExecStart=/usr/bin/ipfs daemon --init --migrate +ExecStart=/usr/bin/kubo daemon --enable-gc Restart=on-failure KillSignal=SIGINT diff --git a/misc/systemd/kubo-sysusers.conf b/misc/systemd/kubo-sysusers.conf new file mode 100644 index 00000000000..c8ff0ca3d33 --- /dev/null +++ b/misc/systemd/kubo-sysusers.conf @@ -0,0 +1,3 @@ +u kubo - "Kubo daemon for ipfs" /var/lib/kubo +g kubo - +m kubo kubo diff --git a/misc/systemd/ipfs.service b/misc/systemd/kubo.service similarity index 65% rename from misc/systemd/ipfs.service rename to misc/systemd/kubo.service index 0051dffdd63..145bf6d2e93 100644 --- a/misc/systemd/ipfs.service +++ b/misc/systemd/kubo.service @@ -1,19 +1,19 @@ # This file will be overwritten on package upgrades, avoid customizations here. # # To make persistent changes, create file in -# "/etc/systemd/system/ipfs.service.d/overwrite.conf" with -# `systemctl edit ipfs.service`. This file will be parsed after this +# "/etc/systemd/system/kubo.service.d/overwrite.conf" with +# `systemctl edit kubo.service`. This file will be parsed after this # file has been parsed. # # To overwrite a variable, like ExecStart you have to specify it once # blank and a second time with a new value, like: # ExecStart= -# ExecStart=/usr/bin/ipfs daemon --flag1 --flag2 +# ExecStart=/usr/bin/kubo daemon --flag1 --flag2 # # For more info about custom unit files see systemd.unit(5). [Unit] -Description=InterPlanetary File System (IPFS) daemon +Description=Kubo daemon for the InterPlanetary File System (IPFS) Documentation=https://docs.ipfs.tech/ After=network.target @@ -22,26 +22,26 @@ After=network.target # enable for 1-1024 port listening #AmbientCapabilities=CAP_NET_BIND_SERVICE # enable to specify a custom path see docs/environment-variables.md for further documentations -#Environment=IPFS_PATH=/custom/ipfs/path +#Environment=IPFS_PATH=/custom/kubo/path # enable to specify a higher limit for open files/connections #LimitNOFILE=1000000 #don't use swap MemorySwapMax=0 -# Don't timeout on startup. Opening the IPFS repo can take a long time in some cases (e.g., when -# badger is recovering) and migrations can delay startup. +# Don't timeout on startup. Opening the Kubo repo can take a long time in some cases (e.g., when +# badger is recovering). # # Ideally, we'd be a bit smarter about this but there's no good way to do that without hooking -# systemd dependencies deeper into go-ipfs. +# systemd dependencies deeper into Kubo. TimeoutStartSec=infinity Type=notify -User=ipfs -Group=ipfs -StateDirectory=ipfs +User=kubo +Group=kubo +StateDirectory=kubo Environment=IPFS_PATH="${HOME}" -ExecStart=/usr/bin/ipfs daemon --init --migrate +ExecStart=/usr/bin/kubo daemon --enable-gc Restart=on-failure KillSignal=SIGINT From 1f5abdf0b2d9f167ac5afd1143c00a058d8b639f Mon Sep 17 00:00:00 2001 From: "@RubenKelevra" Date: Fri, 19 Aug 2022 14:50:48 +0200 Subject: [PATCH 2/3] Update misc/systemd/kubo-api.socket Co-authored-by: Marcin Rataj --- misc/systemd/kubo-api.socket | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/systemd/kubo-api.socket b/misc/systemd/kubo-api.socket index 84f3dc0dbe9..4a7bfdb6a24 100644 --- a/misc/systemd/kubo-api.socket +++ b/misc/systemd/kubo-api.socket @@ -2,7 +2,7 @@ # config. [Unit] -Description=Kubo's API Socket +Description=Kubo's RPC API Socket [Socket] Service=kubo.service From 0998b9fe49b60cce2aad6092ee98d8578150ebf6 Mon Sep 17 00:00:00 2001 From: "@RubenKelevra" Date: Fri, 19 Aug 2022 18:37:14 +0200 Subject: [PATCH 3/3] Update misc/systemd/kubo-hardened.service Co-authored-by: Marcin Rataj --- misc/systemd/kubo-hardened.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/systemd/kubo-hardened.service b/misc/systemd/kubo-hardened.service index 10cc966fb34..f4fde2b5520 100644 --- a/misc/systemd/kubo-hardened.service +++ b/misc/systemd/kubo-hardened.service @@ -51,7 +51,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE # enable for 1-1024 port listening #AmbientCapabilities=CAP_NET_BIND_SERVICE # enable to specify a custom path see docs/environment-variables.md for further documentations -#Environment=IPFS_PATH=/custom/kubo/path +#Environment=IPFS_PATH=/custom/kubo-repo/path # enable to specify a higher limit for open files/connections #LimitNOFILE=1000000