* Fri Aug 29 2025 Jean-Philippe Pialasse <jpp@koozali.org> 0.1.6-9.sme

- fix service unit permission issues [SME: 12258]
2025-08-29 14:18:33 -04:00
parent 73d65d729e
commit 7fa421b070
3 changed files with 19 additions and 5 deletions
--- a/root/sbin/e-smith/systemd/openvpn-routed
+++ b/root/sbin/e-smith/systemd/openvpn-routed
@@ -24,7 +24,12 @@ if [[ ! -f /etc/openvpn/routed/pub/cacrl.pem && -f /etc/openvpn/bridge/pub/cacrl
    /sbin/e-smith/expand-template /etc/openvpn/routed/openvpn.conf 
  fi
 fi
-chmod 0600 /etc/openvpn/routed/priv/*
-chmod 0644 /etc/openvpn/routed/pub/*
-chown root:admin /etc/openvpn/routed/priv/*
-chown root:admin /etc/openvpn/routed/pub/*
+
+if [ ! -z "$( ls -A '/etc/openvpn/routed/priv/' )" ]; then
+    chmod 0600 /etc/openvpn/routed/priv/*
+    chown root:admin /etc/openvpn/routed/priv/* 
+fi
+if [ ! -z "$( ls -A '/etc/openvpn/routed/pub/' )" ]; then
+    chmod 0644 /etc/openvpn/routed/pub/*
+    chown root:admin /etc/openvpn/routed/pub/*
+fi
--- a/root/usr/lib/systemd/system/openvpn-routed.service
+++ b/root/usr/lib/systemd/system/openvpn-routed.service
@@ -1,11 +1,17 @@
 [Unit]
 Description=OpenVPN Server routed for Roadwariors
 After=network.service
+ConditionPathExists=/etc/openvpn/routed/priv/key.pem
+ConditionPathExists=/etc/openvpn/routed/pub/cert.pem
+ConditionPathExists=/etc/openvpn/routed/pub/cacert.pem
+ConditionPathExists=/etc/openvpn/routed/pub/dh.pem
+# /etc/openvpn/routed/priv/takey.pem is optional

 [Service]
 Type=notify
 PrivateTmp=true
 WorkingDirectory=/etc/openvpn/routed
+PermissionsStartOnly=true

 ExecStartPre=-/sbin/e-smith/service-status 'openvpn-routed'
 ExecStartPre=-/sbin/e-smith/systemd/openvpn-routed