Kyle Isom
c7024dcdf0
Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking), per-listener route tables, bidirectional TCP relay with half-close propagation, and a gRPC admin API (routes, firewall, status) with TLS/mTLS support. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
43 lines
1.3 KiB
Bash
Executable File
43 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
set -eu
|
|
|
|
SERVICE="mc-proxy"
|
|
BINARY="/usr/local/bin/${SERVICE}"
|
|
DATA_DIR="/srv/${SERVICE}"
|
|
UNIT_DIR="/etc/systemd/system"
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
REPO_DIR="$(cd "${SCRIPT_DIR}/../.." && pwd)"
|
|
|
|
# Create system user and group (idempotent).
|
|
if ! id -u "${SERVICE}" >/dev/null 2>&1; then
|
|
useradd --system --no-create-home --shell /usr/sbin/nologin "${SERVICE}"
|
|
echo "Created system user ${SERVICE}."
|
|
fi
|
|
|
|
# Install binary.
|
|
install -m 0755 "${REPO_DIR}/${SERVICE}" "${BINARY}"
|
|
echo "Installed ${BINARY}."
|
|
|
|
# Create data directory structure.
|
|
install -d -o "${SERVICE}" -g "${SERVICE}" -m 0700 "${DATA_DIR}"
|
|
install -d -o "${SERVICE}" -g "${SERVICE}" -m 0700 "${DATA_DIR}/backups"
|
|
echo "Created ${DATA_DIR}/."
|
|
|
|
# Install example config if none exists.
|
|
if [ ! -f "${DATA_DIR}/${SERVICE}.toml" ]; then
|
|
install -o "${SERVICE}" -g "${SERVICE}" -m 0600 \
|
|
"${REPO_DIR}/${SERVICE}.toml.example" \
|
|
"${DATA_DIR}/${SERVICE}.toml"
|
|
echo "Installed example config to ${DATA_DIR}/${SERVICE}.toml — edit before starting."
|
|
fi
|
|
|
|
# Install systemd units.
|
|
install -m 0644 "${REPO_DIR}/deploy/systemd/${SERVICE}.service" "${UNIT_DIR}/"
|
|
systemctl daemon-reload
|
|
echo "Installed systemd unit ${SERVICE}.service."
|
|
|
|
echo ""
|
|
echo "Done. Next steps:"
|
|
echo " 1. Edit ${DATA_DIR}/${SERVICE}.toml"
|
|
echo " 2. systemctl enable --now ${SERVICE}"
|