From 647fa59ecbc8b51309ef20288de5eb73a042f869 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chlo=C3=A9=20Vulquin?=
Date: Mon, 19 Jan 2026 20:18:38 +0100
Subject: initial import
---
nitro@/README.md | 35 +++++++++++++++++++++++++++++++++++
nitro@/common | 16 ++++++++++++++++
nitro@/run | 7 +++++++
nitro@/setup | 28 ++++++++++++++++++++++++++++
nitro@/unitroctl | 9 +++++++++
5 files changed, 95 insertions(+)
create mode 100644 nitro@/README.md
create mode 100644 nitro@/common
create mode 100755 nitro@/run
create mode 100755 nitro@/setup
create mode 100755 nitro@/unitroctl
(limited to 'nitro@')
diff --git a/nitro@/README.md b/nitro@/README.md
new file mode 100644
index 0000000..bf94a96
--- /dev/null
+++ b/nitro@/README.md
@@ -0,0 +1,35 @@
+# nitro@ : nitro user services
+I heard you like nitro, so how about sharing a bit with your users? This runs
+nitro in a way that users can run their own services (as themselves), and does
+not depend on a seat manager.
+
+When symlinked as `nitro@username`, will run a user service nitro daemon for
+`username`. You can configure things for all users via `./conf`, or for a
+particular user via `./conf.username`.
+
+Here are the settings you can set / may want to set:
+* `$HOME`: you can override the user's home directory. This is only ever used to
+ define `CONFDIR`, but you might want to set this to something in /media for
+ example. It is also exported, so they may be affected by this.
+* `$CONFDIR`: the nitro config dirctory for the user (equivalent of
+ /etc/nitro). Defaults to `$HOME/.config/nitro`.
+* `$SOCKET_PREFIX`: where to place the user's runtime directory, if
+ any. Basically the `/run/user` prefix for default `$SOCKDIR`. Note that this
+ is sensitive! `unitroctl` won't know if you change this, so changing this (or
+ `$SOCKDIR`) will require that the user manually set `$NITRO_SOCK`.
+* `$SOCKDIR`: the parent directory for nitro's runtime directory. For example,
+ if `$NITRO_SOCK` will be `/foo/bar/nitro/nitro.sock`, then this is
+ `/foo/bar`. `$NITRO_SOCK` is not configurable (though you can always edit it
+ in!). Defaults to `${SOCKET_PREFIX:-/run/user}/$UID`.
+* `$CHPSTUSER`: what to pass to chpst's `-u` argument. Defaults to `:$(id -u
+ $USER):$(id -G $USER)`, so for UID 1000 GID 1000 supplementary groups 1, 2, 3,
+ this will be `:1000:1000:1:2:3`. Importantly, this is not sanity-checked, so
+ you could run a daemon with an extra (or fewer) user groups.
+
+There are a couple of failure conditions. By default, ./setup is written in such
+a way as to continually retry if any of them are hit. See ./setup for more
+details.
+
+While users (or even you via the system profile) can set `$NITRO_SOCK` ahead of
+time to an appropriate value, the `unitroctl` script exists in case you didn't
+change either socket default.
diff --git a/nitro@/common b/nitro@/common
new file mode 100644
index 0000000..bd0e300
--- /dev/null
+++ b/nitro@/common
@@ -0,0 +1,16 @@
+#!/bin/sh
+# before sourcing, set USER="$1"
+
+[ -r ./conf ] && . ./conf
+# this lets you create configs per-user
+[ -r ./conf."$USER" ] && . ./conf."$USER"
+
+UID=$(id -u "$USER")
+GID=$(id -g "$USER")
+
+: ${HOME:=$(getent passwd "$USER" | cut -d: -f6)} \
+ ${CONFDIR:="$HOME"/.config/nitro} \
+ ${CHPSTUSER:=:$UID:$(id -G "$USER" | tr ' ' ':')} \
+ ${SOCKDIR:=${SOCKET_PREFIX:-/run/user}/$UID}
+
+export USER HOME NITRO_SOCK="$SOCKDIR"/nitro/nitro.sock
diff --git a/nitro@/run b/nitro@/run
new file mode 100755
index 0000000..d368468
--- /dev/null
+++ b/nitro@/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# if we made it this far, all the checks have passed
+USER="$1"
+. ./common
+
+exec chpst -u "$CHPSTUSER" nitro "$CONFDIR"
diff --git a/nitro@/setup b/nitro@/setup
new file mode 100755
index 0000000..d906bcb
--- /dev/null
+++ b/nitro@/setup
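Review bot: In nitro@/common the `: ${HOME:=…}` block only fills in values that are still empty, so anything already present in the supervisor's environment wins over the per-user default; the kernel starts init with `HOME=/`, and if that value reaches this script `CONFDIR` becomes `/.config/nitro` instead of the user's directory. The same holds for `CHPSTUSER`, which decides the identity that run drops to. I would clear them ahead of the two `. ./conf` lines with `unset HOME CONFDIR CHPSTUSER SOCKDIR SOCKET_PREFIX`, so that only ./conf and ./conf."$USER" can override the defaults. Separately, `UID=$(id -u "$USER")` assigns a variable that bash keeps read-only, so where /bin/sh is bash this line fails; a private name such as `uid` (also used by setup's `chown`) avoids that.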
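Review bot: nitro@/run has no check of its own before `exec chpst -u "$CHPSTUSER"` and relies on setup having passed for the same `$1`. If `id` fails inside ./common (for example the account was removed in between), `UID` is empty and the default `CHPSTUSER` comes out as `::`; how chpst treats that string is not visible here, so the script should fail closed instead of depending on it. Repeating setup's guard before sourcing ./common, `getent passwd "$1" >/dev/null || exit 1`, is enough, and the existing comment could say that run must never reach chpst without a resolved user.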
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# when you enable nitro@username, "$1" to setup (and run) is "username"
+# fail if "username" doesn't exist on this system (as per the passwd database)
+# this isn't a definitive failure (the user may be created later)
+getent passwd "$1" >/dev/null || exit 1
+
+USER="$1"
+. ./common
+
+# make sure the user has the config directory
+# by default this is ~/.config/nitro
+# if it doesn't exist, there's not much of a point to starting
+# this isn't a definitive failure (the user might create it later)
+[ -d "$CONFDIR" ] || exit 2
+
+# the socket needs to go somewhere
+# by default, it goes into /run/user/$UID/nitro/nitro.sock
+# /run/user/$UID may not exist, so we create it if it doesn't
+if [ ! -d "$SOCKDIR" ]; then
+ mkdir -p -m 0700 "$SOCKDIR"
+ chown $UID:$GID "$SOCKDIR"
+fi
+
+# if creating it failed (e.g. /run is a read-only filesystem), fail
+# this is also not a definitive failure:
+# /run might be in the process of remounting
+[ -d "$SOCKDIR" ] || exit 3
diff --git a/nitro@/unitroctl b/nitro@/unitroctl
new file mode 100755
index 0000000..d84817a
--- /dev/null
+++ b/nitro@/unitroctl
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+: ${NITRO_SOCK:=/run/user/$(id -u)/nitro/nitro.sock}
+if [ ! -S "$NITRO_SOCK" ]; then
+ echo "unitroctl: couldn't find socket $NITRO_SOCK" >&2
+ exit 1
+fi
+export NITRO_SOCK
+exec nitroctl "$@"
-- cgit v1.2.3
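Review bot: In nitro@/setup an already existing `$SOCKDIR` is accepted as is: the `if [ ! -d "$SOCKDIR" ]` branch is skipped and nothing checks who owns the directory, and `-d` is also true for a symlink to a directory. With the default `/run/user` prefix this is presumably fine, but README.md lets `SOCKET_PREFIX` and `SOCKDIR` point elsewhere, and in a location other accounts can write to the daemon's socket would end up in a directory someone else controls. I would verify ownership after the block, e.g. `[ -n "$(find "$SOCKDIR" -prune -type d -user "$UID")" ] || exit 3`. The results of `mkdir` and `chown` are also unchecked, so a failed chown leaves a root-owned 0700 directory while setup still exits 0; `mkdir -p -m 0700 "$SOCKDIR" && chown "$UID:$GID" "$SOCKDIR" || exit 3` covers that and quotes the owner argument.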
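Review bot: In nitro@/unitroctl the default assignment `: ${NITRO_SOCK:=…}` is unquoted, so a pre-set `NITRO_SOCK` containing spaces or glob characters is split and expanded as arguments to `:` before being discarded; `: "${NITRO_SOCK:=/run/user/$(id -u)/nitro/nitro.sock}"` avoids that. The `:` block in nitro@/common has the same form. A one-line comment above the assignment, saying the path has to match setup's default of `/run/user/$UID`, would help whoever changes `SOCKET_PREFIX` later.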