From 34d98e9980c40450d9375ff48e9bdc31110d05c1 Mon Sep 17 00:00:00 2001 From: exci <76759714+icxes@users.noreply.github.com> Date: Thu, 7 Aug 2025 21:10:26 +0300 Subject: [PATCH] add systemd user services and templated services (#502) * move service files from contrib/package/arch/ to /contrib/systemd/ * add simpler default copyparty.conf that puts users in jail * remove warning about .conf files in ~/.config/copyparty/ * update PKGBUILD with changes * add links to configuration examples in index.md * fix link to the example config * update README.md arch instructions --------- Co-authored-by: icxes Co-authored-by: ed --- README.md | 6 +- contrib/package/arch/PKGBUILD | 58 ++++++++----------- contrib/package/arch/copyparty.conf | 7 --- contrib/package/arch/copyparty.service | 32 ---------- contrib/package/arch/index.md | 3 - contrib/systemd/copyparty-user.service | 26 +++++++++ contrib/systemd/copyparty.conf | 45 +++----------- contrib/systemd/copyparty.example.conf | 42 ++++++++++++++ contrib/systemd/copyparty@.service | 30 ++++++++++ contrib/systemd/index.md | 10 ++++ contrib/systemd/prisonparty-user.service | 33 +++++++++++ .../prisonparty@.service} | 25 ++++---- copyparty/svchub.py | 9 --- 13 files changed, 191 insertions(+), 135 deletions(-) delete mode 100644 contrib/package/arch/copyparty.conf delete mode 100644 contrib/package/arch/copyparty.service delete mode 100644 contrib/package/arch/index.md create mode 100644 contrib/systemd/copyparty-user.service create mode 100644 contrib/systemd/copyparty.example.conf create mode 100644 contrib/systemd/copyparty@.service create mode 100644 contrib/systemd/index.md create mode 100644 contrib/systemd/prisonparty-user.service rename contrib/{package/arch/prisonparty.service => systemd/prisonparty@.service} (51%) diff --git a/README.md b/README.md index 2afc4a81..39bd932f 100644 --- a/README.md +++ b/README.md @@ -2281,11 +2281,9 @@ if your distro/OS is not mentioned below, there might be some hints in the [«on `pacman -S copyparty` (in [arch linux extra](https://archlinux.org/packages/extra/any/copyparty/)) -it comes with a [systemd service](./contrib/package/arch/copyparty.service) and expects to find one or more [config files](./docs/example.conf) in `/etc/copyparty.d/` +it comes with a [systemd service](./contrib/systemd/copyparty@.service) as well as a [user service](./contrib/systemd/copyparty-user.service), and expects to find a [config file](./contrib/systemd/copyparty.example.conf) in `/etc/copyparty/copyparty.conf` or `~/.config/copyparty/copyparty.conf` -after installing it, you may want to `cp /usr/lib/systemd/system/copyparty.service /etc/systemd/system/` and then `vim /etc/systemd/system/copyparty.service` to change what user/group it is running as (you only need to do this once) - -NOTE: there used to be an aur package; this evaporated when copyparty was adopted by the official archlinux repos. If you're still using the aur package, please move +after installing, start either the system service or the user service and navigate to http://127.0.0.1:3923 for further instructions (unless you already edited the config files, in which case you are good to go, probably) ## fedora package diff --git a/contrib/package/arch/PKGBUILD b/contrib/package/arch/PKGBUILD index 9efb5c41..c6dc4687 100644 --- a/contrib/package/arch/PKGBUILD +++ b/contrib/package/arch/PKGBUILD @@ -1,4 +1,7 @@ # Maintainer: icxes +# Contributor: Morgan Adamiec +# NOTE: You generally shouldn't use this PKGBUILD on Arch, as it is mainly for testing purposes. Install copyparty using pacman instead. + pkgname=copyparty pkgver="1.18.10" pkgrel=1 @@ -6,52 +9,41 @@ pkgdesc="File server with accelerated resumable uploads, dedup, WebDAV, FTP, TFT arch=("any") url="https://github.com/9001/${pkgname}" license=('MIT') -depends=("python" "lsof" "python-jinja") +depends=("bash" "python" "lsof" "python-jinja") makedepends=("python-wheel" "python-setuptools" "python-build" "python-installer" "make" "pigz") optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tags" - "cfssl: generate TLS certificates on startup (pointless when reverse-proxied)" - "python-mutagen: music tags (alternative)" - "python-pillow: thumbnails for images" - "python-pyvips: thumbnails for images (higher quality, faster, uses more ram)" - "libkeyfinder-git: detection of musical keys" - "qm-vamp-plugins: BPM detection" - "python-pyopenssl: ftps functionality" - "python-pyzmq: send zeromq messages from event-hooks" - "python-argon2-cffi: hashed passwords in config" - "python-impacket-git: smb support (bad idea)" + "cfssl: generate TLS certificates on startup" + "python-mutagen: music tags (alternative)" + "python-pillow: thumbnails for images" + "python-pyvips: thumbnails for images (higher quality, faster, uses more ram)" + "libkeyfinder: detection of musical keys" + "python-pyopenssl: ftps functionality" + "python-pyzmq: send zeromq messages from event-hooks" + "python-argon2-cffi: hashed passwords in config" ) source=("https://github.com/9001/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz") -backup=("etc/${pkgname}.d/init" ) +backup=("etc/${pkgname}/copyparty.conf" ) sha256sums=("49c5fedf7619437bc0af125cb4e8360d9bda9d87ef45d6314d7acf163ab4cf99") build() { + cd "${srcdir}/${pkgname}-${pkgver}/copyparty/web" + make + cd "${srcdir}/${pkgname}-${pkgver}" - - pushd copyparty/web - make -j$(nproc) - rm Makefile - popd - - python3 -m build -wn + python -m build --wheel --no-isolation } package() { cd "${srcdir}/${pkgname}-${pkgver}" - python3 -m installer -d "$pkgdir" dist/*.whl + python -m installer --destdir="$pkgdir" dist/*.whl - install -dm755 "${pkgdir}/etc/${pkgname}.d" + install -dm755 "${pkgdir}/etc/${pkgname}" install -Dm755 "bin/prisonparty.sh" "${pkgdir}/usr/bin/prisonparty" - install -Dm644 "contrib/package/arch/${pkgname}.conf" "${pkgdir}/etc/${pkgname}.d/init" - install -Dm644 "contrib/package/arch/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" - install -Dm644 "contrib/package/arch/prisonparty.service" "${pkgdir}/usr/lib/systemd/system/prisonparty.service" - install -Dm644 "contrib/package/arch/index.md" "${pkgdir}/var/lib/${pkgname}-jail/README.md" + install -Dm644 "contrib/systemd/${pkgname}.conf" "${pkgdir}/etc/${pkgname}/copyparty.conf" + install -Dm644 "contrib/systemd/${pkgname}@.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}@.service" + install -Dm644 "contrib/systemd/${pkgname}-user.service" "${pkgdir}/usr/lib/systemd/user/${pkgname}.service" + install -Dm644 "contrib/systemd/prisonparty@.service" "${pkgdir}/usr/lib/systemd/system/prisonparty@.service" + install -Dm644 "contrib/systemd/prisonparty-user.service" "${pkgdir}/usr/lib/systemd/user/prisonparty.service" + install -Dm644 "contrib/systemd/index.md" "${pkgdir}/var/lib/${pkgname}-jail/README.md" install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - - find /etc/${pkgname}.d -iname '*.conf' 2>/dev/null | grep -qE . && return - echo "┏━━━━━━━━━━━━━━━──-" - echo "┃ Configure ${pkgname} by adding .conf files into /etc/${pkgname}.d/" - echo "┃ and maybe copy+edit one of the following to /etc/systemd/system/:" - echo "┣━♦ /usr/lib/systemd/system/${pkgname}.service (standard)" - echo "┣━♦ /usr/lib/systemd/system/prisonparty.service (chroot)" - echo "┗━━━━━━━━━━━━━━━──-" } diff --git a/contrib/package/arch/copyparty.conf b/contrib/package/arch/copyparty.conf deleted file mode 100644 index 1d90d772..00000000 --- a/contrib/package/arch/copyparty.conf +++ /dev/null @@ -1,7 +0,0 @@ -## import all *.conf files from the current folder (/etc/copyparty.d) -% ./ - -# add additional .conf files to this folder; -# see example config files for reference: -# https://github.com/9001/copyparty/blob/hovudstraum/docs/example.conf -# https://github.com/9001/copyparty/tree/hovudstraum/docs/copyparty.d diff --git a/contrib/package/arch/copyparty.service b/contrib/package/arch/copyparty.service deleted file mode 100644 index 22dac3d6..00000000 --- a/contrib/package/arch/copyparty.service +++ /dev/null @@ -1,32 +0,0 @@ -# this will start `/usr/bin/copyparty-sfx.py` -# and read config from `/etc/copyparty.d/*.conf` -# -# you probably want to: -# change "User=cpp" and "/home/cpp/" to another user -# -# unless you add -q to disable logging, you may want to remove the -# following line to allow buffering (slightly better performance): -# Environment=PYTHONUNBUFFERED=x - -[Unit] -Description=copyparty file server - -[Service] -Type=notify -SyslogIdentifier=copyparty -Environment=PYTHONUNBUFFERED=x -WorkingDirectory=/var/lib/copyparty-jail -ExecReload=/bin/kill -s USR1 $MAINPID - -# user to run as + where the TLS certificate is (if any) -User=cpp -Environment=XDG_CONFIG_HOME=/home/cpp/.config - -# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running -ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf' - -# run copyparty -ExecStart=/usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init - -[Install] -WantedBy=multi-user.target diff --git a/contrib/package/arch/index.md b/contrib/package/arch/index.md deleted file mode 100644 index 016c0b0a..00000000 --- a/contrib/package/arch/index.md +++ /dev/null @@ -1,3 +0,0 @@ -this is `/var/lib/copyparty-jail`, the fallback webroot when copyparty has not yet been configured - -please add some `*.conf` files to `/etc/copyparty.d/` diff --git a/contrib/systemd/copyparty-user.service b/contrib/systemd/copyparty-user.service new file mode 100644 index 00000000..c6f61000 --- /dev/null +++ b/contrib/systemd/copyparty-user.service @@ -0,0 +1,26 @@ +# this will start `/usr/bin/copyparty` +# and read config from `$HOME/.config/copyparty.conf` +# +# unless you add -q to disable logging, you may want to remove the +# following line to allow buffering (slightly better performance): +# Environment=PYTHONUNBUFFERED=x + +[Unit] +Description=copyparty file server + +[Service] +Type=notify +SyslogIdentifier=copyparty +WorkingDirectory=/var/lib/copyparty-jail +Environment=PYTHONUNBUFFERED=x +Environment=PRTY_CONFIG=%h/.config/copyparty/copyparty.conf +ExecReload=/bin/kill -s USR1 $MAINPID + +# ensure there is a config +ExecStartPre=/bin/bash -c 'if [[ ! -f %h/.config/copyparty/copyparty.conf ]]; then mkdir -p %h/.config/copyparty; cp /etc/copyparty/copyparty.conf %h/.config/copyparty/copyparty.conf; fi' + +# run copyparty +ExecStart=/usr/bin/python3 /usr/bin/copyparty + +[Install] +WantedBy=default.target diff --git a/contrib/systemd/copyparty.conf b/contrib/systemd/copyparty.conf index 79560d0d..5d9bdbe3 100644 --- a/contrib/systemd/copyparty.conf +++ b/contrib/systemd/copyparty.conf @@ -1,42 +1,13 @@ -# not actually YAML but lets pretend: -# -*- mode: yaml -*- -# vim: ft=yaml: - - -# put this file in /etc/ - - [global] - e2dsa # enable file indexing and filesystem scanning - e2ts # and enable multimedia indexing - ansi # and colors in log messages - - # disable logging to stdout/journalctl and log to a file instead; - # $LOGS_DIRECTORY is usually /var/log/copyparty (comes from systemd) - # and copyparty replaces %Y-%m%d with Year-MonthDay, so the - # full path will be something like /var/log/copyparty/2023-1130.txt - # (note: enable compression by adding .xz at the end) - q, lo: $LOGS_DIRECTORY/%Y-%m%d.log - - # p: 80,443,3923 # listen on 80/443 as well (requires CAP_NET_BIND_SERVICE) - # i: 127.0.0.1 # only allow connections from localhost (reverse-proxies) - # ftp: 3921 # enable ftp server on port 3921 - # p: 3939 # listen on another port - # df: 16 # stop accepting uploads if less than 16 GB free disk space - # ver # show copyparty version in the controlpanel - # grid # show thumbnails/grid-view by default - # theme: 2 # monokai - # name: datasaver # change the server-name that's displayed in the browser - # stats, nos-dup # enable the prometheus endpoint, but disable the dupes counter (too slow) - # no-robots, force-js # make it harder for search engines to read your server - + i: 127.0.0.1 [accounts] - ed: wark # username: password + user: password - -[/] # create a volume at "/" (the webroot), which will - /mnt # share the contents of the "/mnt" folder +[/] + /var/lib/copyparty-jail accs: - rw: * # everyone gets read-write access, but - rwmda: ed # the user "ed" gets read-write-move-delete-admin + r: * + rwdma: user + flags: + grid \ No newline at end of file diff --git a/contrib/systemd/copyparty.example.conf b/contrib/systemd/copyparty.example.conf new file mode 100644 index 00000000..79560d0d --- /dev/null +++ b/contrib/systemd/copyparty.example.conf @@ -0,0 +1,42 @@ +# not actually YAML but lets pretend: +# -*- mode: yaml -*- +# vim: ft=yaml: + + +# put this file in /etc/ + + +[global] + e2dsa # enable file indexing and filesystem scanning + e2ts # and enable multimedia indexing + ansi # and colors in log messages + + # disable logging to stdout/journalctl and log to a file instead; + # $LOGS_DIRECTORY is usually /var/log/copyparty (comes from systemd) + # and copyparty replaces %Y-%m%d with Year-MonthDay, so the + # full path will be something like /var/log/copyparty/2023-1130.txt + # (note: enable compression by adding .xz at the end) + q, lo: $LOGS_DIRECTORY/%Y-%m%d.log + + # p: 80,443,3923 # listen on 80/443 as well (requires CAP_NET_BIND_SERVICE) + # i: 127.0.0.1 # only allow connections from localhost (reverse-proxies) + # ftp: 3921 # enable ftp server on port 3921 + # p: 3939 # listen on another port + # df: 16 # stop accepting uploads if less than 16 GB free disk space + # ver # show copyparty version in the controlpanel + # grid # show thumbnails/grid-view by default + # theme: 2 # monokai + # name: datasaver # change the server-name that's displayed in the browser + # stats, nos-dup # enable the prometheus endpoint, but disable the dupes counter (too slow) + # no-robots, force-js # make it harder for search engines to read your server + + +[accounts] + ed: wark # username: password + + +[/] # create a volume at "/" (the webroot), which will + /mnt # share the contents of the "/mnt" folder + accs: + rw: * # everyone gets read-write access, but + rwmda: ed # the user "ed" gets read-write-move-delete-admin diff --git a/contrib/systemd/copyparty@.service b/contrib/systemd/copyparty@.service new file mode 100644 index 00000000..cd891eab --- /dev/null +++ b/contrib/systemd/copyparty@.service @@ -0,0 +1,30 @@ +# this will start `/usr/bin/copyparty` +# and read config from `/etc/copyparty/copyparty.conf` +# +# the %i refers to whatever you put after the copyparty@ +# so with copyparty@foo.service, %i == foo +# +# unless you add -q to disable logging, you may want to remove the +# following line to allow buffering (slightly better performance): +# Environment=PYTHONUNBUFFERED=x + +[Unit] +Description=copyparty file server + +[Service] +Type=notify +SyslogIdentifier=copyparty +WorkingDirectory=/var/lib/copyparty-jail +Environment=PYTHONUNBUFFERED=x +Environment=PRTY_CONFIG=/etc/copyparty/copyparty.conf +ExecReload=/bin/kill -s USR1 $MAINPID + +# user to run as + where the TLS certificate is (if any) +User=%i +Environment=XDG_CONFIG_HOME=/home/%i/.config + +# run copyparty +ExecStart=/usr/bin/python3 /usr/bin/copyparty + +[Install] +WantedBy=multi-user.target diff --git a/contrib/systemd/index.md b/contrib/systemd/index.md new file mode 100644 index 00000000..cfd1b715 --- /dev/null +++ b/contrib/systemd/index.md @@ -0,0 +1,10 @@ +this is `/var/lib/copyparty-jail`, the fallback webroot when copyparty has not yet been configured + +please edit `/etc/copyparty/copyparty.conf` (if running as a system service) +or `$HOME/.config/copyparty/copyparty.conf` if running as a user service + +a basic configuration example is available at https://github.com/9001/copyparty/blob/hovudstraum/contrib/systemd/copyparty.example.conf +a configuration example that explains most flags is available at https://github.com/9001/copyparty/blob/hovudstraum/docs/chungus.conf + +the full list of configuration options can be seen at https://ocv.me/copyparty/helptext.html +or by running `copyparty --help` diff --git a/contrib/systemd/prisonparty-user.service b/contrib/systemd/prisonparty-user.service new file mode 100644 index 00000000..e0aaeaf8 --- /dev/null +++ b/contrib/systemd/prisonparty-user.service @@ -0,0 +1,33 @@ +# this will start `/usr/bin/copyparty` +# in a chroot, preventing accidental access elsewhere, +# and read copyparty config from `$HOME/.config/copyparty.conf` +# +# expose additional filesystem locations to copyparty +# by listing them between the last `%u` and `--` +# +# unless you add -q to disable logging, you may want to remove the +# following line to allow buffering (slightly better performance): +# Environment=PYTHONUNBUFFERED=x + +[Unit] +Description=copyparty file server + +[Service] +Type=notify +SyslogIdentifier=prisonparty +WorkingDirectory=/var/lib/copyparty-jail +Environment=PYTHONUNBUFFERED=x +Environment=PRTY_CONFIG=%h/.config/copyparty/copyparty.conf +ExecReload=/bin/kill -s USR1 $MAINPID + +# ensure there is a config +ExecStartPre=/bin/bash -c 'if [[ ! -f %h/.config/copyparty/copyparty.conf ]]; then mkdir -p %h/.config/copyparty; cp /etc/copyparty/copyparty.conf %h/.config/copyparty/copyparty.conf; fi' + +# run copyparty +ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail %u %u \ + %h/.config/copyparty \ + -- \ + /usr/bin/python3 /usr/bin/copyparty + +[Install] +WantedBy=default.target diff --git a/contrib/package/arch/prisonparty.service b/contrib/systemd/prisonparty@.service similarity index 51% rename from contrib/package/arch/prisonparty.service rename to contrib/systemd/prisonparty@.service index cd35ba99..d30010ae 100644 --- a/contrib/package/arch/prisonparty.service +++ b/contrib/systemd/prisonparty@.service @@ -1,11 +1,13 @@ -# this will start `/usr/bin/copyparty-sfx.py` +# this will start `/usr/bin/copyparty` # in a chroot, preventing accidental access elsewhere, -# and read copyparty config from `/etc/copyparty.d/*.conf` +# and read copyparty config from `/etc/copyparty/copyparty.conf` # # expose additional filesystem locations to copyparty -# by listing them between the last `cpp` and `--` +# by listing them between the last `%i` and `--` # -# `cpp cpp` = user/group to run copyparty as; can be IDs (1000 1000) +# `%i %i` = user/group to run copyparty as; can be IDs (1000 1000) +# the %i refers to whatever you put after the prisonparty@ +# so with prisonparty@foo.service, %i == foo # # unless you add -q to disable logging, you may want to remove the # following line to allow buffering (slightly better performance): @@ -15,19 +17,22 @@ Description=copyparty file server [Service] +Type=notify SyslogIdentifier=prisonparty -Environment=PYTHONUNBUFFERED=x WorkingDirectory=/var/lib/copyparty-jail +Environment=PYTHONUNBUFFERED=x +Environment=PRTY_CONFIG=/etc/copyparty/copyparty.conf ExecReload=/bin/kill -s USR1 $MAINPID -# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running -ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf' +# user to run as + where the TLS certificate is (if any) +User=%i +Environment=XDG_CONFIG_HOME=/home/%i/.config # run copyparty -ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail cpp cpp \ - /etc/copyparty.d \ +ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail %i %i \ + /etc/copyparty \ -- \ - /usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init + /usr/bin/python3 /usr/bin/copyparty [Install] WantedBy=multi-user.target diff --git a/copyparty/svchub.py b/copyparty/svchub.py index 07d85d83..1af13276 100644 --- a/copyparty/svchub.py +++ b/copyparty/svchub.py @@ -850,15 +850,6 @@ class SvcHub(object): def _check_env(self) -> None: al = self.args - try: - files = os.listdir(E.cfg) - except: - files = [] - - hits = [x for x in files if x.lower().endswith(".conf")] - if hits: - t = "WARNING: found config files in [%s]: %s\n config files are not expected here, and will NOT be loaded (unless your setup is intentionally hella funky)" - self.log("root", t % (E.cfg, ", ".join(hits)), 3) if self.args.no_bauth: t = "WARNING: --no-bauth disables support for the Android app; you may want to use --bauth-last instead"