add prisonparty systemd example

bin/prisonparty.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-# runs copyparty (or any other python script really) in a chroot
+# runs copyparty (or any other program really) in a chroot
 #
 # assumption: these directories, and everything within, are owned by root
 sysdirs=( /bin /lib /lib32 /lib64 /sbin /usr )
@@ -34,6 +34,8 @@ while true; do
 	[ "$#" -eq 0 ] && break  # invalid usage
 	vols+=( "$(realpath "$v")" )
 done
+pybin="$1"; shift
+pybin="$(realpath "$pybin")"
 cpp="$1"; shift
 cpp="$(realpath "$cpp")"
 cppdir="$(dirname "$cpp")"
@@ -83,7 +85,7 @@ chmod 777 "$jail/tmp"
 
 
 # run copyparty
-/sbin/chroot --userspec=$uid:$gid "$jail" "$(which python3)" "$cpp" "$@" && rv=0 || rv=$?
+/sbin/chroot --userspec=$uid:$gid "$jail" "$pybin" "$cpp" "$@" && rv=0 || rv=$?
 
 
 # cleanup if not in use

contrib/systemd/prisonparty.service

@@ -0,0 +1,27 @@
+# this will start `/usr/local/bin/copyparty-sfx.py`
+# in a chroot, preventing accidental access elsewhere
+# and share '/mnt' with anonymous read+write
+#
+# installation:
+#   1) put copyparty-sfx.py and prisonparty.sh in /usr/local/bin
+#   2) cp -pv prisonparty.service /etc/systemd/system && systemctl enable --now prisonparty
+#
+# you may want to:
+#   change '/mnt::rw' to another location or permission-set
+#    (remember to change the '/mnt' chroot arg too)
+#
+# enable line-buffering for realtime logging (slight performance cost):
+#   inside the [Service] block, add the following line:
+#   Environment=PYTHONUNBUFFERED=x
+
+[Unit]
+Description=copyparty file server
+
+[Service]
+SyslogIdentifier=prisonparty
+WorkingDirectory=/usr/local/bin
+ExecStart=/bin/bash /usr/local/bin/prisonparty.sh /var/lib/copyparty-jail 1000 1000 /mnt -- \
+  /usr/bin/python3 /usr/local/bin/copyparty-sfx.py -q -v /mnt::rw
+
+[Install]
+WantedBy=multi-user.target