From 6497ce90e44d7ff202c7a392c7adc6f453cbfc83 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 3 Sep 2024 08:36:41 +0200 Subject: [PATCH] set nofile limits for the strfry user --- home.admin/config.scripts/bonus.strfry.sh | 33 ++++++++++++++++------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/home.admin/config.scripts/bonus.strfry.sh b/home.admin/config.scripts/bonus.strfry.sh index 0aa01f506..d4591b6ee 100755 --- a/home.admin/config.scripts/bonus.strfry.sh +++ b/home.admin/config.scripts/bonus.strfry.sh @@ -3,7 +3,6 @@ # https://github.com/hoytech/strfry/commits/master/ VERSION="32a367738c6db7430780058c4a6c98b271af73b2" -APPID=strfry portTCP=7777 portSSL=7778 @@ -17,19 +16,31 @@ fi if [ "$1" = "on" ]; then - sudo adduser --system --group --shell /bin/bash --home /home/${APPID} ${APPID} || exit 1 + LIMITS=("strfry soft nofile 1000000" "strfry hard nofile 1000000") + # Loop through each limit + for LIMIT in "${LIMITS[@]}"; do + # Check if the limit already exists + if ! grep -q "$LIMIT" /etc/security/limits.conf; then + echo "$LIMIT" | sudo tee -a /etc/security/limits.conf >/dev/null + echo "Limit added: $LIMIT" + else + echo "Limit already exists: $LIMIT" + fi + done - sudo apt install -y git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev ufw + sudo adduser --system --group --shell /bin/bash --home /home/strfry strfry || exit 1 - cd /home/${APPID} || exit 1 + sudo apt install -y build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev - sudo -u ${APPID} git clone https://github.com/hoytech/strfry.git + cd /home/strfry || exit 1 + + sudo -u strfry git clone https://github.com/hoytech/strfry.git cd strfry || exit 1 - sudo -u ${APPID} git reset --hard ${VERSION} + sudo -u strfry git reset --hard ${VERSION} - sudo -u ${APPID} git submodule update --init - sudo -u ${APPID} make setup-golpe - sudo -u ${APPID} make -j2 + sudo -u strfry git submodule update --init + sudo -u strfry make setup-golpe + sudo -u strfry make -j2 sudo mkdir /mnt/hdd/app-storage/strfry-db sudo chown strfry:strfry /mnt/hdd/app-storage/strfry-db @@ -39,7 +50,7 @@ if [ "$1" = "on" ]; then sudo mkdir -p /mnt/hdd/app-data/strfry sudo chown -R strfry:strfry /mnt/hdd/app-data/strfry sudo chmod 755 /mnt/hdd/app-data/strfry - sudo -u ${APPID} cp ./strfry.conf /mnt/hdd/app-data/strfry/strfry.conf + sudo -u strfry cp ./strfry.conf /mnt/hdd/app-data/strfry/strfry.conf # symlink sudo ln -s /mnt/hdd/app-data/strfry/strfry.conf /etc/strfry.conf @@ -98,6 +109,8 @@ if [ "$1" = "off" ]; then # Tor /home/admin/config.scripts/tor.onion-service.sh strfry off + sudo userdel -rf strfry + # setting value in raspiblitz config /home/admin/config.scripts/blitz.conf.sh set strfry "off"